CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,” Microsoft has revealed. The latter vulnerability was patched by the company in July 2024, and threat hunters with Trend Micro’s Zero Day Initiative explained that it had been used by the Void Banshee APT group to … More
The post Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) appeared first on Help Net Security.