PuzzleMaker Hackers Targeting Windows 10 With Chrome Zero-days

According to the security researchers from Kaspersky Lab, a threat actor PuzzleMaker is currently targeting multiple companies worldwide with Windows 10 and Chrome exploits. The zero-day exploit chain deployed in the campaign used a remote code execution vulnerability in the Google Chrome V8 JavaScript engine to access the targeted systems. The attackers abused the Windows Notification Facility (WNF) together with the CVE-2021-31956 vulnerability to execute malware modules with system privileges on compromised Windows 10 systems. Read more...