Memento Labs Linked to Chrome Zero-Day Exploit in 2025

Cyber Security News by CyberSum.net

Published on October 28, 2025 at 12:00 AM

5 sources

Kaspersky researchers have attributed the first Chrome zero-day of 2025 to Memento Labs, formerly known as Hacking Team. The vulnerability, CVE-2025-2783, was exploited in a state-sponsored cyber-espionage campaign. The attack involved sophisticated phishing tactics and the use of Dante spyware, which has been linked to Memento Labs since 2022. The campaign targeted media, research, and government entities, using well-crafted emails and a validator script to verify victims. The malware, LeetAgent, supported various commands and connected to C2 servers to execute tasks such as keylogging and file-stealing.

Also Read

Cyber Espionage Campaign Targets Diplomats with PlugX Malware

A threat actor known as UNC6384 has been targeting diplomatic entities in a cyber-espionage campaign since September. The group exploits a high-severity Windows vulnerability and uses refined social engineering tactics. The attack starts with spear-phishing emails leading to malicious LNK files, which ultimately deploy the PlugX remote access Trojan (RAT). The campaign is expanding across the diplomatic community and government agencies in various regions. Mitigation measures include reviewing and blocking command-and-control infrastructures and conducting security awareness training.

By Cyber Security News by CyberSum.netNovember 1, 2025 at 03:00 AM