MSHTML

February 8, 2024

HijackLoader Evolves: Researchers Decode the Latest Evasion Methods

The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues…
Read More »
December 18, 2023

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to…
Read More »
December 13, 2023

Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical

Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it…
Read More »
October 30, 2023

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as…
Read More »
September 13, 2023

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been…
Read More »
July 12, 2023

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack

Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day…
Read More »
May 10, 2023

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass…
Read More »
September 28, 2022

Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use…
Read More »
March 31, 2022

Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as…
Read More »
March 18, 2022

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated…
Read More »