In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- More pre-installed malware has been found in budget US smartphones
July 9, 2020
Pre-installed malware has been discovered on another budget handset connected to Assurance Wireless by Virgin Mobile. Back in January, cybersecurity researchers from Malwarebytes discovered unremovable malware bundled with the Android operating systems on the Unimax (UMX) U686CL, a low-end handset sold by Assurance Wireless as part of the Lifeline Assistance program, a 1985 US initiative which subsidizes telephone services for ...
- New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
July 8, 2020
Researchers at Trend Micro discovered a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which we have not observed exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past few months, that include SORA, UNSTABLE, and Mukashi. The case, ...
- 15 Billion Credentials Currently Up for Grabs on Hacker Forums
July 8, 2020
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday — “From Exposure to Takeover” by the Digital Shadows Photon Research Team — found that 100,000 separate data ...
- Patch Now: F5 Vulnerability with CVSS 10 Severity Score
July 7, 2020
F5 Networks, a provider of networking devices and services, urges users to patch their BIG-IP networking systems as soon as possible, after the provider disclosed two vulnerabilities. First of these is CVE-2020-5902, a critical remote code execution (RCE) vulnerability found in BIG-IP device’s Traffic Management User Interface (TMUI). CVE-2020-5902 received a 10 out of 10 score on the Common ...
- ‘Keeper’ hacking group behind hacks at 570 online stores
July 7, 2020
A hacking group known as “Keeper” is responsible for security breaches at more than 570 online e-commerce portals over the last three years. The Keeper gang broke into online store backends, altered their source code, and inserted malicious scripts that logged payment card details entered by shoppers in checkout forms. These types of attacks are what the ...
- German authorities seize ‘BlueLeaks’ server that hosted data on US cops
July 7, 2020
German authorities have seized today a web server that hosted BlueLeaks, a website that provided access to internal documents stolen from US police departments. The server belonged to DDoSecrets (Distributed Denial of Secrets), an activist group that published the files last month, in mid-June. The server seizure was announced today by investigative journalist Emma Best, one of ...