Google Chrome CVE-2025-2783 active exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
CVE-2025-2783 is being actively exploited in Google Chrome against organizations in Russia and Belarus, creating sandbox-escape and payload-delivery risk for exposed browsers. The wave is linked to Operation ForumTroll and has been active since at least February 2024. Attackers used phishing emails with short-lived links to trigger the flaw through Chrome or other Chromium-based browsers. The intrusion chain then delivered Memento Labs tools, including the LeetAgent spyware.
Related Happenings
Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)
Vulnerability
H score31
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
Researchers disclosed **four Dify vulnerabilities** that exposed **cross-tenant AI chats, documents, and internal API access** on the platform's multi-tenant cloud service. Three...
Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)
VulnerabilityAbout this happening: Researchers disclosed **four Dify vulnerabilities** that exposed **cross-tenant AI chats, documents, and internal API access** on the platform's multi-tenant cloud service. Three...
Squid web proxy heap over-read security flaw (CVE-2026-47729)
Vulnerability
H score37
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources 1
About this happening:
**Squid web proxy** is affected by **CVE-2026-47729**, a **heap over-read** that can leak another user's **cleartext HTTP request**, including **credentials** or **session tokens*...
Squid web proxy heap over-read security flaw (CVE-2026-47729)
VulnerabilityAbout this happening: **Squid web proxy** is affected by **CVE-2026-47729**, a **heap over-read** that can leak another user's **cleartext HTTP request**, including **credentials** or **session tokens*...
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)
Vulnerability
H score16
First: 19.06.2026 23:25
Last: 19.06.2026 23:25
Sources 1
About this happening:
An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)
VulnerabilityAbout this happening: An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...
SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
Vulnerability
H score46
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...
SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
VulnerabilityAbout this happening: **CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
CampaignAbout this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
Timeline
-
17.12.2025 16:54 1 articles · 6mo ago
Operation ForumTroll targets Russian scholars with fake eLibrary emails
Campaign Scope UpdateKaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.
Show sources
- New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails — thehackernews.com — 17.12.2025 16:54
-
28.10.2025 10:22 1 articles · 8mo ago
Kaspersky discloses Chrome zero-day exploitation to deliver Memento Labs LeetAgent
Initial DisclosureKaspersky disclosed that a now-patched Google Chrome zero-day, CVE-2025-2783, was used in Operation ForumTroll to trigger a sandbox escape through personalized phishing links and deliver Memento Labs tools, including the LeetAgent spyware, against organizations and individuals in Russia and Belarus.
Show sources
- Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware — thehackernews.com — 28.10.2025 10:22