In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to […]
The post APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by a suspected state-sponsored APT group to target media outlets and educational institutions in Russia. About CVE-2025-2783 Google explains the source of the flaw thus: “Incorrect handle provided in unspecified circumstances in Mojo on Windows.” … More →
The post Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) appeared first on Help Net Security.
Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the U.S., employs advanced techniques to evade detection and maintain persistence on compromised systems. Exploitation of […]
The post New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.