All articles tagged with #chrome zero day
A Chrome zero-day exploited in Operation ForumTroll was linked to Italian spyware vendor Memento Labs, which developed the LeetAgent and Dante malware used in targeted attacks on Russian and Belarusian organizations. The campaign involved sophisticated phishing and browser exploits, with Memento Labs emerging as a successor to the notorious Hacking Team.
A zero-day vulnerability in Google Chrome (CVE-2025-2783) exploited by the Mem3nt0 mori hacker group has led to widespread infections using sophisticated spyware like LeetAgent, targeting high-profile entities in Russia and Belarus through targeted phishing campaigns. Google patched the flaw quickly, but the attacks highlight ongoing risks from advanced persistent threats and shadowy spyware markets. Users are advised to update Chrome and monitor for suspicious activity.
This weekly cybersecurity recap highlights a range of threats including a Google Chrome zero-day actively exploited in the wild, the rapid adoption of AI-powered penetration tools like Villager, a novel DDR5 RowHammer attack, arrests of cybercriminals linked to major attacks, and ongoing supply chain and malware campaigns. It emphasizes the fast-paced nature of cyber threats and the importance of timely patching, awareness, and proactive defense strategies.
Apple released iOS 18.6, iPadOS 18.6, and macOS Sequoia 15.6 to address a critical zero-day vulnerability (CVE-2025-6558) exploited in Chrome, which could allow remote code execution by bypassing sandboxing. The updates also include bug fixes and improvements across Apple devices.
CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome's V8 JavaScript engine, which is actively exploited in the wild and affects multiple Chromium-based browsers. The flaw allows remote attackers to perform arbitrary read/write operations, potentially leading to system compromise. Organizations are urged to patch immediately by July 23, 2025, or cease using affected browsers to mitigate the risk.
Google quietly deployed a fix for a high-severity Chrome zero-day (CVE-2025-5419) that was actively exploited in the wild, involving a vulnerability in Chrome's V8 engine that could allow remote code execution. The patch was rolled out with Chrome 137.0.7151.68/69 for various platforms, following earlier emergency updates for similar zero-days used in espionage and cyberattacks.