Void Banshee APT used Windows zero-day to distribute malware

Void Banshee APT group exploited CVE-2024-38112, a Windows zero-day, to distribute Atlantida malware via PDF-like files. The attack targeted professionals and students in North America, Europe, and Southeast Asia. The malware steals sensitive data from applications and browsers. Microsoft patched the vulnerability in July 2024 without prior notification to researchers, sparking concerns about coordinated vulnerability disclosure. Researchers emphasize the importance of collaboration between vendors and researchers for effective cybersecurity.