Sergiu Gatlan reports:
A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware.
Proofpoint first reported Monday that the same zero-day was used in phishing targeting US and EU government agencies.
Read more at BleepingComputer.