A malvertising group generally known as “ScamClub” exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected customers to fraudulent web sites reward card scams. The assaults, first spotted by advert safety agency Confiant in late June 2020, leveraged a bug (CVE-2021–1801) that allowed malicious events to bypass the iframe sandboxing coverage […]