Edgecution: A Browser Extension That Escapes Edge's Sandbox via Native Messaging. Teams Delivers It. Ransomware Follows.
The browser sandbox is supposed to contain browser code. Edgecution exits it through a door Microsoft left open for legitimate use.

Zscaler ThreatLabz published research this week on a new malware family they named Edgecution, deployed by an initial access broker called Payouts King and used as the entry point for ransomware operations.

The Delivery Chain

The attack begins on Microsoft Teams. An attacker poses as IT support and tells an employee they need to install a spam filter update. The employ