Dark Reading

Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit

Two separate vulnerabilities exist in different versions of Windows that allow attackers to sneak malicious attachments and files past Microsoft's Mark of the Web (MoTW) security feature. Attackers ...
Bleeping Computer

Exploited Windows zero-day lets JavaScript files bypass security warnings

An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to ...