CyberSecurity news

FlagThis - #firefox

jane.mccallion@futurenet.com (Jane@itpro.com //

Security Expert Troy Hunt's Mailing List Compromised

Security expert Troy Hunt, the creator of the data breach notification site Have I Been Pwned, has fallen victim to a sophisticated phishing attack. The incident, which occurred on March 25, 2025, resulted in the compromise of his email subscriber list, affecting approximately 16,000 current and past subscribers to his personal blog. The attackers gained access to Hunt's Mailchimp account after he clicked on a malicious link in an email disguised as a legitimate notice from the email marketing provider.

Hunt immediately disclosed the breach, emphasizing the importance of transparency and acknowledging his frustration with falling for the scam. The phishing email exploited a sense of urgency by claiming a spam complaint had triggered a temporary suspension of his account, prompting him to enter his credentials and one-time passcode. While 2FA was enabled on his Mailchimp account, the phish still managed to get the one time passcode. Industry experts have said the incident underscores how even seasoned cybersecurity professionals can be vulnerable to social engineering tactics that prey on human weaknesses, such as tiredness and a sense of urgency.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • haveibeenpwned.com: In March 2025, . The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
  • PCMag UK security: Creator of HaveIBeenPwned Data Breach Site Falls for Phishing Email
  • www.itpro.com: Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
  • Malwarebytes: Security expert Troy Hunt hit by phishing attack
  • gbhackers.com: Mozilla is working to patch the vulnerability, tracked as CVE-2025-2857, with security updates for Firefox 136.0.4 and Firefox ESR versions 128.8.1 and 115.21.1.
  • securityaffairs.com: Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows.
  • The DefendOps Diaries: Mozilla warns of a critical Firefox vulnerability allowing sandbox escapes, posing significant security risks to Windows users.
Classification:
  • HashTags: #Phishing #HIBP #SecurityBreach
  • Company: Troy Hunt
  • Target: Troy Hunt's Subscribers
  • Product: Mailchimp
  • Feature: phishing attack
  • Malware: Mailchimp Phish
  • Type: Hack
  • Severity: Medium
Sergiu Gatlan@BleepingComputer //

Google Patches Chrome Zero-Day in Espionage Campaign

Google has released a critical security update for its Chrome browser to address a high-severity zero-day vulnerability, identified as CVE-2025-2783. This vulnerability was actively exploited in a sophisticated espionage campaign targeting Russian organizations, specifically media companies, educational institutions, and government entities. According to Kaspersky, the vulnerability allowed attackers to bypass Chrome’s sandbox protections, gaining unauthorized access to affected systems without requiring further user interaction. This incident marks the first actively exploited Chrome zero-day since the start of the year, underscoring the persistent threat landscape faced by internet users.

Kaspersky's investigation, dubbed "Operation ForumTroll," revealed that the attacks were initiated through personalized phishing emails disguised as invitations to the "Primakov Readings" forum. Clicking the malicious link led victims to a compromised website that immediately exploited the zero-day vulnerability. The technical sophistication of the exploit chain points to a highly skilled Advanced Persistent Threat (APT) group. Google urges users to update their Chrome browsers immediately to version 134.0.6998.177/.178 for Windows to mitigate the risk.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • cyberinsider.com: Google has released a security update for Chrome to address a high-severity zero-day vulnerability that was actively exploited in a sophisticated espionage campaign targeting Russian organizations.
  • thehackernews.com: Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
  • securityaffairs.com: Google fixed the first actively exploited Chrome zero-day since the start of the year
  • techcrunch.com: Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
  • thecyberexpress.com: Google has rolled out a new security update for Chrome users, following the discovery of a vulnerability, CVE-2025-2783, affecting the Windows version of the browser.
  • The DefendOps Diaries: Google Chrome Vulnerability CVE-2025-2783: A Closer Look
  • Cybernews: Google has patched a dangerous zero-day vulnerability that has already been exploited by sophisticated threat actors in the wild
  • Zack Whittaker: New: Google has fixed a zero-day bug in Chrome that was being actively exploited as part of a hacking campaign. Kaspersky says the bug was exploited to target journalists and employees at educational institutions.
  • Kaspersky official blog: Kaspersky’s GReAT experts have discovered the Operation ForumTroll APT attack, which used a zero-day vulnerability in Google Chrome.
  • bsky.app: Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.
  • Cyber Security News: Operation ForumTroll: APT Hackers Use Chrome Zero-Day to Evade Sandbox Protections.
  • www.bleepingcomputer.com: Google has released out-of-band fixes to address a high-severity security flaw in Chrome browser for Windows that has been actively exploited.
  • Help Net Security: Help Net Security: Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
  • securityonline.info: CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
  • MSSP feed for Latest: Google remediated the high-severity Chrome for Windows zero-day vulnerability.
  • The Register - Security: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
  • thecyberexpress.com: CISA Issues Urgent Security Alerts: Critical Vulnerabilities in Schneider Electric, Chrome, and Sitecore
  • PCMag UK security: Details about Firefox also being affected by Chrome zero-day flaw
  • CyberInsider: Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
  • iHLS: Google Patches Dangerous Zero-Day Flaw in Chrome
  • PCMag UK security: Time to Patch: Google Chrome Flaw Used to Spread Spyware
  • MSPoweruser: Google patches a Chrome zero-day vulnerability used in espionage
  • The Hacker News: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
  • Blog: Mozilla has released updates to fix a critical security flaw in its Firefox browser for Windows. The vulnerability, designated CVE-2025-2857, stems from improper handling within the browser's inter-process communication (IPC) code, which could allow a compromised child process to gain elevated privileges by manipulating the parent process into returning a powerful handle, potentially leading to sandbox escape.
  • techcrunch.com: Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome
  • securityaffairs.com: Google addressed a critical vulnerability, tracked as CVE-2025-2783, impacting its Chrome browser for Windows.
  • securityaffairs.com: U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
  • www.scworld.com: Mozilla Patches Firefox Bug Exploited in the Wild, Similar to Chrome Zero-Day
  • OODAloop: Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
  • bsky.app: Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.
Classification:
SC Staff@scmagazine.com //

FakeUpdate Campaigns Push FrigidStealer Mac Infostealer

The FakeUpdate malware campaigns are becoming increasingly complex with the emergence of new cybercrime groups, TA2726 and TA2727, now involved in pushing a new macOS infostealer called FrigidStealer. This malware is being distributed through web inject campaigns, where users are tricked into downloading fake browser updates. Proofpoint researchers have identified FrigidStealer as a new threat targeting Mac users.

This campaign also uses Windows and Android payloads, suggesting a broad targeting strategy. The malicious JavaScript used to display the fake browser update messages is being adopted by an increasing number of threat actors, making tracking and analysis more challenging. Proofpoint identified two new cybercriminal threat actors, TA2726 and TA2727, operating components of web inject campaigns.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • cyberinsider.com: New macOS Malware FrigidStealer Spreads via Fake Updates
  • www.scworld.com: Novel FrigidStealer macOS malware spread via bogus browser updates
  • Virus Bulletin: Proofpoint researchers identified FrigidStealer, a new MacOS malware delivered via web inject campaigns. They also found two new threat actors, TA2726 and TA2727, operating components of web inject campaigns.
  • www.bleepingcomputer.com: FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.
  • Proofpoint Threat Insight: Proofpoint researchers identified FrigidStealer, a new MacOS malware delivered via web inject campaigns. They also found two new threat actors, TA2726 and TA2727, operating components of web inject campaigns.
  • bsky.app: The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.
  • BleepingComputer: The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.
  • Anonymous ???????? :af:: FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.
Classification:
  • HashTags: #MacOS #Malware #FakeUpdate
  • Company: Mozilla
  • Target: MacOS Users
  • Attacker: TA2726 and TA2727
  • Product: Firefox
  • Feature: Fake Browser Updates
  • Malware: FrigidStealer
  • Type: Malware
  • Severity: HighRisk

Posts

Blogs

Research Tools