Topic: sandbox escape
-
Pyodide Sandbox Escape Leads to Grist-Core RCE Vulnerability
A critical vulnerability in Grist-Core allowed remote code execution via a malicious spreadsheet formula, enabling attackers to compromise the host system. The flaw involved escaping the Python sandbox to execute arbitrary commands, turning a spreadsheet into an active attack tool, especially ris...
Read More » -
Chrome Zero-Day Used to Spread LeetAgent Spyware
A zero-day vulnerability in Google Chrome (CVE-2025-2783) was exploited via phishing in Operation ForumTroll, allowing attackers to escape Chrome's sandbox and deploy spyware developed by Memento Labs. The attack delivered LeetAgent spyware, which executed commands, stole files, and communicated ...
Read More » -
Italian Spyware 'Dante' Exploits Chrome Zero-Day Flaw
A cyber espionage campaign exploited a critical Google Chrome zero-day vulnerability (CVE-2025-2783) to deploy commercial spyware on high-value targets in Russia and Belarus, bypassing the browser's sandbox protection. The attack, named Operation ForumTroll, used forged forum invitations to deliv...
Read More » -
Apple Offers $2 Million Bounty for Zero-Click Exploits
Apple is dramatically increasing its security bounty rewards, now offering up to $2 million for zero-click exploit chains and potential bonuses that could push payouts over $5 million, targeting vulnerabilities in its latest software and hardware. The program enhancements, including new reward ca...
Read More »