In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Russian state hackers stole data from US government networks
October 22, 2020
DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. Energetic Bear (also tracked as Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala), a hacking group active since ...
- French IT giant Sopra Steria hit by Ryuk ransomware
October 22, 2020
French IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of their network with the Ryuk ransomware. Sopra Steria is a European information technology company with 46,000 employees in 25 countries worldwide. The company provides a wide range of IT services, including consulting, systems integration, and software development. On October ...
- Life of Maze ransomware
October 21, 2020
In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations have fallen victim to this vile malware, including LG, Southwire, and the City of Pensacola. The history of this ransomware began in the first half of 2019, and back then it didn’t have ...
- MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states
October 21, 2020
A month after details were published about three severe vulnerabilities in a type of server used to manage fleets of mobile devices, multiple threat actors are now exploiting these bugs to take over crucial enterprise servers and even orchestrate intrusions inside company networks. The targets of these attacks are MDM servers from software maker MobileIron. MDM stands ...
- Montreal’s STM public transport system hit by ransomware attack
October 21, 2020
Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems. On October 19th, STM suffered an outage that affected its IT systems, website, and customer support. While these outages did not affect the operation of buses or metro systems, people with disabilities who ...
- Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
October 21, 2020
The Iran-linked espionage group Seedworm (aka MuddyWater) has been highly active in recent months, attacking a wide range of targets, including a large number of government organizations in the Middle East. Many of the organizations attacked by Seedworm in recent months have also been targeted by a recently discovered tool called PowGoop (Downloader.Covic), suggesting that it ...