Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S.
« MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems, » Fortinet FortiGuard