In March 2025, we discovered Operation ForumTroll, a series of sophisticated cyberattacks exploiting the CVE-2025-2783 vulnerability in Google Chrome. Kaspersky researchers previously detailed the malicious implants used in the operation: the LeetAgent backdoor and the complex spyware Dante, developed by Memento Labs (formerly Hacking Team). However, the attackers behind this operation didn’t stop at their spring campaign and have continued to infect targets within the Russian Federation.
In October 2025, just days before we presented our report detailing the ForumTroll APT group’s attack at the Security Analyst Summit, we detected a new targeted phishing campaign by the same group.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew
October 19, 2018
Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could be exploited. The bug affects the widely used jQuery File Upload widget and allowed an attacker to upload ...
- SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
October 18, 2018
Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe. SettingContent-ms is a recent addition to ...
- Critical Flaws Found in Amazon FreeRTOS IoT Operating System
October 18, 2018
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has ...
- CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
October 17, 2018
Trend Micro found design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. We’ve worked ...
- LibSSH Flaw Allows Hackers to Take Over Servers Without Password
October 16, 2018
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving ...
- Security researchers find solid evidence linking Industroyer to NotPetya
October 11, 2018
Malware analysts from Slovak cyber-security firm ESET have found substantial evidence that links cyber-attacks performed against Ukraine’s power grid to the same group behind the NotPetya ransomware outbreak of June 2017. The link is not a direct one, but through a third malware strain that was spotted in an unrelated hacking operation in April this year. Researchers ...