Google has patched a zero-day vulnerability in its Chrome browser that was actively exploited in a hacking campaign targeting journalists. The flaw, identified as CVE-2025-2783, allowed attackers to bypass the browser's sandbox protections. The patch was developed following reports from Kaspersky, which indicated that a state-sponsored group may have used the vulnerability for espionage against Russian users. Users are advised to update their Chrome browsers immediately.

Additionally, a new type of malware has emerged on the npm package repository that modifies legitimate packages to deploy a reverse shell. Researchers have identified two rogue packages that alter the ethers library, posing a risk to developers who may unknowingly install these malicious updates.
After Chrome patches zero-day used to target Russians, Firefox splats similar bug https://t.co/YbaIjsMNhz
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability: https://t.co/SL4TLbXN0I by The Hacker News #infosec #cybersecurity #technology #news
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts: https://t.co/yC4pKKgD8I by The Hacker News #infosec #cybersecurity #technology #news