Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Chrome CVE-2025-2783 active exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 41
1 unique sources, 2 articles

Summary

Hide ▲

CVE-2025-2783 is being actively exploited in Google Chrome against organizations in Russia and Belarus, creating sandbox-escape and payload-delivery risk for exposed browsers. The wave is linked to Operation ForumTroll and has been active since at least February 2024. Attackers used phishing emails with short-lived links to trigger the flaw through Chrome or other Chromium-based browsers. The intrusion chain then delivered Memento Labs tools, including the LeetAgent spyware.

Related Happenings

Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)

Vulnerability
H score31 First: 22.06.2026 19:13 Last: 22.06.2026 19:13 Sources 1

About this happening: Researchers disclosed **four Dify vulnerabilities** that exposed **cross-tenant AI chats, documents, and internal API access** on the platform's multi-tenant cloud service. Three...

Squid web proxy heap over-read security flaw (CVE-2026-47729)

Vulnerability
H score37 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid web proxy** is affected by **CVE-2026-47729**, a **heap over-read** that can leak another user's **cleartext HTTP request**, including **credentials** or **session tokens*...

Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)

Vulnerability
H score16 First: 19.06.2026 23:25 Last: 19.06.2026 23:25 Sources 1

About this happening: An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...

SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)

Vulnerability
H score46 First: 15.06.2026 23:06 Last: 15.06.2026 23:06 Sources 1

About this happening: **CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Timeline

  1. 17.12.2025 16:54 1 articles · 6mo ago

    Operation ForumTroll targets Russian scholars with fake eLibrary emails

    Campaign Scope Update

    Kaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.

    Show sources
  2. 28.10.2025 10:22 1 articles · 8mo ago

    Kaspersky discloses Chrome zero-day exploitation to deliver Memento Labs LeetAgent

    Initial Disclosure

    Kaspersky disclosed that a now-patched Google Chrome zero-day, CVE-2025-2783, was used in Operation ForumTroll to trigger a sandbox escape through personalized phishing links and deliver Memento Labs tools, including the LeetAgent spyware, against organizations and individuals in Russia and Belarus.

    Show sources