From bleepingcomputer.com
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims’ systems with the help of coronavirus-themed phishing emails.
Open redirects are web addresses that automatically redirect users between a source website and a target site, and are regularly used by malicious actors to send their targets to phishing landing pages or to deliver malware payloads under the guise of legitimate services.