A new Internet Explorer 0-Day attack uses a malformed Office webpage exploit to crash the IE engine.  It is being reported by SANS ISC as Chinese security firm provides very early reports on this new threat circulating in-the-wild. 

https://isc.sans.edu/forums/diary/New+IE+0day+in+the+wild/23581/

Qihoo 360 Technology, a Chinese internet security company, published a report for a new Internet Explorer zero-day exploit it has seen exploited in the wild by an (unmentioned) APT group. Qihoo 360 has reported this to Microsoft on 4/19/2018. We have no news from Microsoft.  Although the report does not contain much technical details, there is a diagram of the chain that we have translated.  It seems that the initial attack, detected by Qihoo 360, used a Microsoft Office document containing a web page. The vulnerability seems to be in the Internet Explorer engine, and could thus be exploited via any application that uses the IE engine.