Re: Oqtane - a new web (client-server) framework based on Blazor for .NET

Author: tasko [317 views] 2021-04-13 14:51:42
In response to: Oqtane - a new web (client-server) framework based on Blazor for .NET by John Donne, 2021-04-13 13:41:38

Blazor runs on WebAssembly.
That is such a potentially dangerous hole that it's just terrifying.
For example, a study from a couple of years ago:

Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research.
https://it.slashdot.org/story/20/01/08/1421216/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes

And all sorts of protective restrictions get knocked out right away.
For example,
Our Security Team discovered a new type of Auto-Redirect attack using WASM to run Javascript code which will eventually lead the user, without any interaction, to a non-desired landing page.
In one of our previous posts we discussed Sandboxing, why it was created and how it was supposed to be a safer way to run Iframes. Unfortunately, we’ve seen how attackers are able to easily bypass it by serving code in a cross-origin platform, and leverage the ability of code served in the same origin platform by navigating through Sandboxing.

https://www.geoedge.com/webassembly-a-new-attack-uncovered/

