Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Google Chrome CVE-2025-2783 active exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 53
1 unique sources, 2 articles

Summary

Hide ▲

CVE-2025-2783 is being actively exploited in Google Chrome against organizations in Russia and Belarus, creating sandbox-escape and payload-delivery risk for exposed browsers. The wave is linked to Operation ForumTroll and has been active since at least February 2024. Attackers used phishing emails with short-lived links to trigger the flaw through Chrome or other Chromium-based browsers. The intrusion chain then delivered Memento Labs tools, including the LeetAgent spyware.

Related Happenings

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Open Happening

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

Open Happening

Godzilla (BLUEBEAM) web shell and Cobalt Strike deployment via KnowledgeDeliver exploitation

Malware Activity
First: 26.05.2026 08:19 Last: 26.05.2026 08:19 Sources 1

About this happening: The **Godzilla (BLUEBEAM)** web shell is now being used after **CVE-2026-5426** exploitation to run commands and stage **Cobalt Strike Beacon**, giving attackers a durable foothol...

Open Happening

Webworm expanded European government and South Africa university espionage campaign

Campaign
First: 20.05.2026 14:30 Last: 20.05.2026 14:30 Sources 1

About this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...

Open Happening

108 Malicious Google Chrome extensions sharing a C2 backend

Malware Activity
First: 14.04.2026 11:35 Last: 14.04.2026 11:35 Sources 1

About this happening: **108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...

Open Happening

Timeline

  1. 17.12.2025 16:54 1 articles · 5mo ago

    Operation ForumTroll targets Russian scholars with fake eLibrary emails

    Campaign Scope Update

    Kaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.

    Show sources
    Open in new tab
  2. 28.10.2025 10:22 1 articles · 7mo ago

    Kaspersky discloses Chrome zero-day exploitation to deliver Memento Labs LeetAgent

    Initial Disclosure

    Kaspersky disclosed that a now-patched Google Chrome zero-day, CVE-2025-2783, was used in Operation ForumTroll to trigger a sandbox escape through personalized phishing links and deliver Memento Labs tools, including the LeetAgent spyware, against organizations and individuals in Russia and Belarus.

    Show sources
    Open in new tab