An active delivery site was recently identified hosting a weaponized HTA script that silently deploys the infostealer “NordDragonScan” onto victim systems. Once executed, NordDragonScan performs host reconnaissance, exfiltrates documents, harvests entire Chrome and Firefox browser profiles, and captures screenshots....