Russian Hackers Exploit Zero-Day Flaws in Firefox and Windows
A Russian hacking group, identified as "RomCom," has exploited two zero-day vulnerabilities to target Firefox and Tor browser users on Windows PCs, primarily in Europe and North America. The attacks, which began in October, involve a malicious web page that installs a backdoor on victims' PCs without user interaction. The vulnerabilities, CVE-2024-9680 and CVE-2024-49039, have been patched by Mozilla, Tor, and Microsoft. However, users who haven't updated remain at risk. ESET links these attacks to RomCom's previous exploits.