Google Chrome CVE-2025-2783 active exploitation wave
Exploitation Wave
Summary
CVE-2025-2783 is being actively exploited in Google Chrome against organizations in Russia and Belarus, creating sandbox-escape and payload-delivery risk for exposed browsers. The wave is linked to Operation ForumTroll and has been active since at least February 2024. Attackers used phishing emails with short-lived links to trigger the flaw through Chrome or other Chromium-based browsers. The intrusion chain then delivered Memento Labs tools, including the LeetAgent spyware.
Related Happenings
Godzilla (BLUEBEAM) web shell and Cobalt Strike deployment via KnowledgeDeliver exploitation
Malware Activity
First: 26.05.2026 08:19
Last: 26.05.2026 08:19
Sources 1
About this happening:
The **Godzilla (BLUEBEAM)** web shell is now being used after **CVE-2026-5426** exploitation to run commands and stage **Cobalt Strike Beacon**, giving attackers a durable foothol...
Webworm expanded European government and South Africa university espionage campaign
Campaign
First: 20.05.2026 14:30
Last: 20.05.2026 14:30
Sources 1
About this happening:
Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware Activity
First: 14.04.2026 11:35
Last: 14.04.2026 11:35
Sources 1
About this happening:
**108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
Google security patch release for CVE-2026-5281
Security Patch Release
First: 01.04.2026 13:25
Last: 01.04.2026 13:25
Sources 1
About this happening:
**Google** issued **emergency Chrome updates** to fix **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU** that was **exploited in the wild**, creating crash, corruptio...
GlassWorm multi-stage data-theft malware evolution
Malware Activity
First: 25.03.2026 16:26
Last: 25.03.2026 16:26
Sources 1
About this happening:
The **GlassWorm** malware family has evolved into a **multi-stage** payload chain that steals browser data and crypto-wallet information, increasing risk for **Windows** and **mac...
Timeline
- 17.12.2025 16:54 · 1 article · 5mo ago
Operation ForumTroll targets Russian scholars with fake eLibrary emails
Campaign Scope Update: Kaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.
Sources:
- New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails — thehackernews.com — 17.12.2025 16:54
- 28.10.2025 10:22 · 1 article · 7mo ago
Kaspersky discloses Chrome zero-day exploitation to deliver Memento Labs LeetAgent
Initial Disclosure: Kaspersky disclosed that a now-patched Google Chrome zero-day, CVE-2025-2783, was used in Operation ForumTroll to trigger a sandbox escape through personalized phishing links and deliver Memento Labs tools, including the LeetAgent spyware, against organizations and individuals in Russia and Belarus.
Sources:
- Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware — thehackernews.com — 28.10.2025 10:22