The Laundry Bear (UAC-0190 / Void Blizzard) threat actor is actively exploiting Microsoft Edge in headless mode via the Chrome DevTools Protocol (CDP) to deploy the DRILLAPP JavaScript backdoor, enabling covert camera, microphone, screen, and file system access on targeted Windows endpoints without a CVE or patch vector — the attack abuses legitimate browser functionality. No patch addresses this technique; mitigation requires restricting headless browser execution via application control policy or GPO, and detection requires EDR tuning for Edge/Chrome processes launched with –headless and –remote-debugging-port flags from anomalous parent processes. Organizations with ties to Ukrainian government entities, diplomatic missions, or relevant operational sectors should treat this as an elevated threat and brief SOC and threat intelligence teams immediately.