Outlook Add-Ins Hijacked: 0-Day Patches, Wormable Botnets, and AI Malware Threats


Cybersecurity Threats Spread Across Multiple Layers

A recent surge in cyberattacks has highlighted the importance of vigilance across all layers of an organization’s infrastructure. From user tools and enterprise software to cloud infrastructure and national systems, no entity is immune to the threat of cyber compromise.

Malicious Outlook Add-in Steals Thousands of Microsoft Account Credentials

AgreeTo, a once-legitimate Outlook add-in whose project had been abandoned, was hijacked and turned into a phishing kit, resulting in the theft of over 4,000 Microsoft account credentials. The attackers took control of a domain associated with the abandoned project and used it to serve a fake Microsoft login page to users who still had the add-in installed. Office add-ins are web pages loaded from URLs fixed in the add-in's manifest, so whoever controls one of those domains controls what the add-in shows inside Outlook. The incident demonstrates how overlooked and abandoned assets, here a domain nobody was watching any more, become attack vectors.
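The practical check this incident suggests is an inventory of every domain your deployed add-ins load content from, compared against the domains you (or a vendor you trust) actually control. The script below is an added example, not code from the AgreeTo write-up: it parses an Office add-in manifest and reports the registrable domains that are not in a trusted inventory. The manifest, host names and the trusted set are constructed for illustration, and the two-label domain collapsing is an assumption that ignores public-suffix cases such as co.uk.

```python
"""
Inventory the web origins an Office add-in manifest can load content from,
so a domain tied to an abandoned add-in is noticed before someone else
registers it. Added example; manifest and domain names are constructed.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed manifest in the shape of an Office add-in manifest (OfficeApp
# root, DefaultSettings/SourceLocation, AppDomains, VersionOverrides bt:Url).
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>11111111-2222-3333-4444-555555555555</Id>
  <DisplayName DefaultValue="Example Scheduler"/>
  <IconUrl DefaultValue="https://cdn.example-addin.com/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://app.example-addin.com</AppDomain>
    <AppDomain>https://login.microsoftonline.com</AppDomain>
  </AppDomains>
  <DefaultSettings>
    <SourceLocation DefaultValue="https://app.example-addin.com/taskpane.html"/>
  </DefaultSettings>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides">
    <Resources>
      <bt:Urls>
        <bt:Url id="Taskpane.Url" DefaultValue="https://app.example-addin.com/taskpane.html"/>
        <bt:Url id="Commands.Url" DefaultValue="https://legacy-example-addin.net/commands.html"/>
      </bt:Urls>
    </Resources>
  </VersionOverrides>
</OfficeApp>
"""

URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def manifest_hosts(manifest_xml: str) -> set[str]:
    """Every host name referenced by an http(s) URL anywhere in the manifest.

    The walk is namespace-agnostic: any attribute value or element text that
    looks like a URL is collected, which covers SourceLocation, IconUrl,
    AppDomain and VersionOverrides bt:Url entries alike.
    """
    root = ET.fromstring(manifest_xml)
    hosts: set[str] = set()
    for elem in root.iter():
        candidates = list(elem.attrib.values())
        if elem.text and elem.text.strip():
            candidates.append(elem.text.strip())
        for value in candidates:
            if URL_RE.match(value):
                host = urlsplit(value).hostname
                if host:
                    hosts.add(host.lower())
    return hosts


def registrable_domain(host: str) -> str:
    """Collapse a host to its last two labels. Assumption: no public-suffix
    handling, so co.uk-style names would need a real PSL library."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def untrusted_domains(manifest_xml: str, trusted: set[str]) -> set[str]:
    """Registrable domains the manifest loads from that are outside the
    trusted inventory. Each is a takeover candidate if the add-in is
    abandoned but still deployed."""
    return {registrable_domain(h) for h in manifest_hosts(manifest_xml)} - trusted


# Constructed inventory: the deploying organisation's own domain plus the
# identity provider it knowingly relies on.
TRUSTED_DOMAINS = {"example-addin.com", "microsoftonline.com"}

if __name__ == "__main__":
    for d in sorted(untrusted_domains(SAMPLE_MANIFEST, TRUSTED_DOMAINS)):
        print("not in inventory:", d)
```

Run against real manifests exported from the Microsoft 365 admin center, the output is the list of domains whose registration and DNS you need to keep an eye on; anything that no longer resolves to infrastructure you recognise is exactly the situation the AgreeTo attackers exploited.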

Google Patches Actively Exploited Chrome 0-Day

Google released security updates for the Chrome browser to address a high-severity vulnerability, CVE-2026-2441, that is being exploited in the wild. The bug is a use-after-free in CSS and could result in arbitrary code execution. Chrome downloads updates in the background but only applies them on relaunch, so a browser that shows the update as available is not yet protected until it has been restarted.

BeyondTrust Flaw Under Active Exploitation

A critical vulnerability, CVE-2026-1731, in BeyondTrust Remote Support and Privileged Remote Access is under active exploitation. It allows an unauthenticated attacker to achieve remote code execution, which in turn could lead to unauthorized access, data exfiltration, and service disruption. Remote support products of this kind are usually reachable from the internet by design, so exposed instances should be patched first and reviewed for signs of prior compromise rather than assumed clean after the update.

Apple Patches Actively Exploited 0-Day

Apple released patches for a zero-day flaw, CVE-2026-20700, affecting iOS, iPadOS, macOS, tvOS, watchOS, and visionOS that has been exploited in sophisticated attacks. The vulnerability is a memory corruption issue in dyld, Apple's Dynamic Link Editor, the component that loads and links libraries into every process at launch.

SSHStalker Botnet Uses IRC for Command-and-Control

A newly documented Linux botnet, SSHStalker, uses the Internet Relay Chat (IRC) protocol for command-and-control, relying on classic IRC mechanics in which infected hosts connect to a server and take commands from a channel. It achieves initial access through automated SSH scanning and password brute forcing, which makes the SSH authentication log the first place its arrival shows up.
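The initial-access step described above, automated SSH brute forcing, leaves a distinctive trace in OpenSSH logs: one source failing against many user names in a short window, sometimes followed by a success. The detector below is an added example, not code from the SSHStalker analysis; it runs a sliding window over constructed syslog-style sshd lines and reports sources that exceed either a failure-count or a distinct-user threshold. The thresholds, the log year and the host names are assumptions to tune per environment.

```python
"""
Flag SSH brute-force sources in OpenSSH auth log lines. Added example with
constructed log lines; thresholds are assumptions to tune per host.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style sshd lines (year is not in the classic format, so
# it is assumed below). 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges, not real sources.
SAMPLE_AUTH_LOG = """\
Mar  3 04:12:01 node7 sshd[2181]: Failed password for root from 203.0.113.9 port 52214 ssh2
Mar  3 04:12:02 node7 sshd[2181]: Failed password for root from 203.0.113.9 port 52214 ssh2
Mar  3 04:12:04 node7 sshd[2190]: Failed password for invalid user admin from 203.0.113.9 port 52230 ssh2
Mar  3 04:12:05 node7 sshd[2194]: Failed password for invalid user oracle from 203.0.113.9 port 52241 ssh2
Mar  3 04:12:07 node7 sshd[2199]: Failed password for invalid user test from 203.0.113.9 port 52255 ssh2
Mar  3 04:12:09 node7 sshd[2203]: Failed password for invalid user ubuntu from 203.0.113.9 port 52260 ssh2
Mar  3 04:12:11 node7 sshd[2207]: Accepted password for ubuntu from 203.0.113.9 port 52271 ssh2
Mar  3 04:13:40 node7 sshd[2230]: Failed password for alice from 198.51.100.4 port 40122 ssh2
Mar  3 04:13:52 node7 sshd[2230]: Accepted publickey for alice from 198.51.100.4 port 40122 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2026):
    """Return (timestamp, result, user, source_ip) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # "%b %d" tolerates the double space syslog pads single-digit days with.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def brute_force_sources(log_text, window=timedelta(seconds=60),
                        max_failures=5, max_users=3):
    """Map source IP -> summary for sources whose failures, inside any
    sliding window, reach max_failures or span max_users distinct names.
    success_after records the first accepted login at or after the window
    that triggered, i.e. a brute force that appears to have worked."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, user) for ts, res, user in evs if res == "Failed"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            win = fails[start:end + 1]
            if len(win) >= max_failures or len({u for _, u in win}) >= max_users:
                window_start = win[0][0]
                success = next((u for ts, res, u in evs
                                if res == "Accepted" and ts >= window_start), None)
                findings[ip] = {
                    "failures": len(fails),
                    "distinct_users": len({u for _, u in fails}),
                    "success_after": success,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, summary in brute_force_sources(SAMPLE_AUTH_LOG).items():
        print(ip, summary)
```

The distinct-user threshold is the one that catches scanners early: a legitimate user mistyping a password fails repeatedly as one name, while a credential-spraying bot cycles through root, admin, oracle and the like from a single source. A finding with a non-empty success_after is the one to treat as a live incident rather than noise.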

TeamPCP Targets Misconfigured Cloud Infrastructure

A threat cluster tracked as TeamPCP is systematically targeting misconfigured and exposed cloud-native environments to hijack infrastructure, scale up its footprint, and monetize the access. The group uses malicious Python and shell scripts to install proxies, tunneling software, and other components that give it persistence on the compromised hosts.

Nation-State Hackers Expand Targets

Nation-state hackers are expanding their targets beyond traditional espionage to include supply chain attacks, workforce infiltration, and cyber operations that lend their governments a strategic advantage on the battlefield.

New Browser Fingerprinting Technique Uses Ad Block Filters

A new browser fingerprinting technique uses country-specific ad-block filter lists to de-anonymize VPN users. A VPN hides the client's IP address, but the regional filter list a user has enabled reflects where they live or which language they read. The approach, codenamed Adbleed, probes domains that are blocked only by one country's filter list; the set of probes that fail to load reveals which list is active, and with it the user's likely country or language.
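The inference side of the technique, as an added example that is not the Adbleed researchers' code: given several regional filter lists, find the hosts each one blocks that no other list blocks (only those discriminate), then score each list by how many of its unique hosts the browser failed to load. The in-page probe itself (loading a resource from each candidate host and catching the failure) is not shown; its output is represented by a constructed set of blocked hosts. The filter lists are constructed stand-ins in Adblock Plus syntax, not real regional lists.

```python
"""
Country inference from regional ad-block filter lists, in the spirit of the
Adbleed technique. Added example; lists and probe results are constructed.
"""
import re

# Constructed regional lists in Adblock Plus syntax: "||host^" blocks a host,
# "!" lines are comments, cosmetic rules ("##...") carry no network signal.
FILTER_LISTS = {
    "DE": """\
! Constructed stand-in for a German regional list
||ads-beispiel.de^
||tracker-beispiel.de^
||global-adserver.example^
""",
    "FR": """\
! Constructed stand-in for a French regional list
||pub-exemple.fr^
||tracker-exemple.fr^
||global-adserver.example^
""",
    "JP": """\
! Constructed stand-in for a Japanese regional list
||koukoku-rei.jp^
||global-adserver.example^
##.ad-banner
""",
}

HOST_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^")


def parse_hosts(list_text):
    """Hosts blocked outright by "||host^" rules; everything else is ignored."""
    hosts = set()
    for line in list_text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = HOST_RULE.match(line)
        if m:
            hosts.add(m.group(1))
    return hosts


def unique_probe_domains(lists):
    """For each list, the hosts blocked by it and by no other list. A host on
    every list (global-adserver.example here) says nothing about region, so
    it is dropped; the remainder are the domains worth probing."""
    hosts = {name: parse_hosts(text) for name, text in lists.items()}
    unique = {}
    for name, own in hosts.items():
        others = set().union(*(h for n, h in hosts.items() if n != name))
        unique[name] = own - others
    return unique


def infer_region(blocked, lists):
    """Score each list by the fraction of its unique probe domains that the
    browser blocked. `blocked` is the set of probe hosts whose load failed,
    as the (not shown) in-page probe would report it. Returns (best, scores),
    with best None when no list got any signal."""
    probes = unique_probe_domains(lists)
    scores = {name: (len(u & blocked) / len(u) if u else 0.0)
              for name, u in probes.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] > 0 else None), scores


# Constructed probe result: a browser running the "DE" list blocks the two
# German-only hosts and the shared one, and nothing else.
SAMPLE_BLOCKED = {"ads-beispiel.de", "tracker-beispiel.de", "global-adserver.example"}

if __name__ == "__main__":
    print(infer_region(SAMPLE_BLOCKED, FILTER_LISTS))
```

The set-difference step is what makes the leak precise: without it, widely blocked ad hosts would make every list score, and the browser would look like it is running all of them at once.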

China’s Tianfu Cup Makes a Quiet Return

China's Tianfu Cup hacking contest has quietly returned, this time with the government overseeing the event. The contest, launched in 2018, showcases demonstrations of critical vulnerabilities in widely used consumer and enterprise hardware and software.

Cryptocurrency Flows to Suspected Human Trafficking Services Surge

Cryptocurrency flows to suspected human trafficking services in Southeast Asia grew 85% in 2025, reaching a scale of hundreds of millions across identified services.

Security Flaw in Munge Exposes Cryptographic Key Material

A high-severity vulnerability in Munge, the authentication service used across high-performance computing clusters, could allow a local attacker to leak cryptographic key material from the daemon's process memory and use it to forge arbitrary Munge credentials. Since cluster services rely on those credentials to decide which user a request comes from, forging them amounts to impersonating any user on the cluster, so the patch and a rotation of the Munge key belong together.

These incidents demonstrate the importance of vigilance across all layers of an organization’s infrastructure, as threat activity continues to spread and evolve.
