
Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Google Fixes Chrome Zero-Day Exploited in Espionage Campaign

Summary:
On Tuesday, Google addressed a zero-day vulnerability in its Chrome browser that had been actively exploited in attacks. Tracked as CVE-2025-2783, the vulnerability stems from an “incorrect handle provided in unspecified circumstances in Mojo on Windows.” Kaspersky researchers, who identified and reported the flaw to Google, revealed that CVE-2025-2783 has been used by threat actors to bypass Chrome’s sandbox protections and deploy sophisticated malware. This vulnerability is primarily being exploited in phishing campaigns targeting media outlets and educational institutions in Russia. In the attack observed by Kaspersky, the infection begins with an email containing a seemingly legitimate invitation from the organizers of the “Primakov Readings,” a scientific and expert forum. Clicking the invitation link triggers the exploit, allowing attackers to escape the browser’s sandbox and infect the victim’s system with malware.

Security Officer Comments:
According to Kaspersky, the links embedded in the phishing emails were personalized and designed to have a very short lifespan, enhancing their effectiveness and reducing the likelihood of detection. In this case, these links no longer trigger the exploit and simply redirect visitors to the official "Primakov Readings" website.

Kaspersky didn’t clearly specify the type of malware deployed in this campaign. However, based on the detections provided by Kaspersky in its advisory, the malware likely enables actors to gain unauthorized access to systems, exfiltrate data, and potentially install additional malicious payloads for long-term control.

Suggested Corrections:
The exploit identified by Kaspersky was designed to work alongside another exploit that enables remote code execution. Unfortunately, Kaspersky was unable to obtain this second exploit, as it would have required waiting for a new wave of attacks, potentially exposing users to further infection. Fortunately, the vulnerability used to bypass the Chrome sandbox has been patched in Chrome version 134.0.6998.177/.178 for Windows, effectively blocking the entire attack chain.

Link(s):
https://www.bleepingcomputer.com/ne...ome-zero-day-exploited-in-espionage-campaign/