Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East

Threat Level – Red | Vulnerability Report
Download PDF

Candiru(Saito Tech) spyware used the recently fixed CVE-2022-2294 Chrome zero-day in assaults on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability in WebRTC is a heap-based buffer overflow. Its successful exploitation may result in code execution on the targeted device.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox