Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

June 18, 2025

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.
The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).
Google addressed the flaw later that month after Kaspersky reported in-the-wild

Source: Read More

Previous ArticleIran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict

Next Article Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Highlights

CVE-2025-2761 – GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

April 23, 2025

CVE ID : CVE-2025-2761

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Stop Being So ####

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Test Deferred Operations Easily with Laravel’s withoutDefer Helper

Test Deferred Operations Easily with Laravel’s withoutDefer Helper

pdphilip/elasticsearch

Build AI Agents That Run Your Day – While You Focus on What Matters

ONLYOFFICE Docs 9.0 is here: discover the redesigned interface, diagram viewer, AI tools and more

ONLYOFFICE Docs 9.0 is here: discover the redesigned interface, diagram viewer, AI tools and more

Banana Pi BPI-F3 Single Board Computer Running Linux: Introduction

Securonis Linux – privacy and security-focused distribution

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Test Deferred Operations Easily with Laravel’s withoutDefer Helper

pdphilip/elasticsearch

ASUS Armoury Crate bug lets attackers get Windows admin privileges

CVE-2025-40555 – APOGEE PXC+TALON TC Series BACnet Broadcast Storm Denial of Service Vulnerability

BorgTUI is a TUI and CLI to automate BorgBackup

CVE-2025-2890 – TagDiv Opt-In Builder WordPress SQL Injection

CVE-2025-2761 – GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CVE-2025-49141 – HAX CMS PHP OS Command Injection

SBOMs Without the F-Bombs

CVE-2025-43575 – Adobe Acrobat Reader Out-of-Bounds Write Arbitrary Code Execution Vulnerability

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Related Posts