Microsoft has confirmed the active exploitation of a high-severity Windows vulnerability, CVE-2024-43461, which targets the MSHTML platform. This zero-day flaw, with a CVSS score of 8.8, was initially listed as unexploited upon its disclosure but has since been actively used in cyberattacks, delivering Atlantida stealer malware. The vulnerability was patched during Microsoft's Patch Tuesday updates. The flaw was exploited before July 2024, using braille spaces in attacks. Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog. The 'Void Banshee' group has also exploited a second Microsoft zero-day.