Not new but interesting - Great Duke of Hell

From The Register: Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware • The Register

browsers run scripts by default, then clicking a malicious link …
Another big problem is application permissions, for example, secure application once running, scripts can be executed, loaded dlls, exe files to be downloaded in the background (such as images, text files, cookie …)

scripts can execute commands like “file:///” directly by the browser >:-D