Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

June 21, 2025

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.
The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).
Google addressed the flaw later that month after Kaspersky reported in-the-wild

Source: Read More

Previous ArticleVeeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Next Article Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Highlights

CVE-2025-34021 – Selea Targa SSRF

June 20, 2025

CVE ID : CVE-2025-34021

Published : June 20, 2025, 7:15 p.m. | 3 hours, 14 minutes ago

Description : A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

I replaced my Pixel 9 Pro with a $750 Android for a week. Now I’m questioning my loyalty

Less UFO, more Wall-E: You’ve never seen the best robot vacuum on the market

ChatGPT can now sum up your meetings – here’s how to use it (and who can)

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

vitorccs/laravel-csv

vitorccs/laravel-csv

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

RBDOOM-3-BFG is a modernization effort of DOOM-3-BFG

RBDOOM-3-BFG is a modernization effort of DOOM-3-BFG

Rilasciato XLibre 25.0: il nuovo fork del server grafico X.Org si presenta al mondo GNU/Linux

Scoperte 2 Nuove Vulnerabilità che Minacciano il Mondo GNU/Linux

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

CVE-2025-47946 – Symfony UX Twig Component Attribute Injection XSS

CVE-2025-26892 – dkszone Celestial Aura Unrestricted File Upload RCE

High-Severity SonicWall SSLVPN Vulnerability Allows Firewall Crashing

Grand Theft Auto VI delay causes Take-Two shares to drop, while CEO Strauss Zelnick assures investors that everything is fine

CVE-2025-34021 – Selea Targa SSRF

Rilasciato Incus 6.13: Gestore di Container e Macchine Virtuali

CVE-2016-3399 – “CVE-2022-1234: Apache HTTP Server Unauthenticated Remote Code Execution”

CVE-2025-4075 – VMSMan Cross Site Scripting Vulnerability

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Related Posts