The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks. The latest revision to the exploit kit has added attacks against flaws tracked as CVE-2020-0674 and CVE-2019-1458. Purple Fox EK was previously analyzed in September, when researchers said it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit. Researchers say they expect more attacks to be added in the future.
Source: https://threatpost.com/microsoft-exploits-purple-fox-ek/157157/