A recently discovered exploit targeting a vulnerability in Microsoft’s internal browser engine, MSHTML, could become a prolific tool by cyber criminals in both targeted and wide-spread campaigns. CVE-2021-40444, a remote code execution vulnerability within Microsoft’s MSHTML browser engine was disclosed by Microsoft in a 07 September 2021 advisory1 but a malicious document involved in the exploit …

Recently we uncovered a ransomware distribution operation targeting European users and carried out via phishing scams. In this post we will show how we have conducted the research: from the initial infection stage back to the person that is orchestrating the whole operation. These campaigns are targeting Italy, Denmark and Spain, although we have detected two new campaigns about to be started …