Outlook Add-Ins Hijacked: 0-Day Patches, Wormable Botnets, and AI Malware Threats
Cybersecurity Incidents Recap
A recent surge in cyber attacks has highlighted the importance of vigilance in the digital landscape. Threat actors are exploiting small security gaps to gain initial access, often abusing trusted tools, add-ins, and cloud setups to carry out their activities. This week's recap of cybersecurity incidents shows a mix of old and new tactics: legacy botnet tradecraft, modern cloud abuse, AI-assisted attacks, and supply-chain exposure.
Notable Incidents
- One notable incident involved the hijacking of a legitimate Outlook add-in, AgreeTo, which was turned into a phishing kit that stole over 4,000 Microsoft account credentials.
- Google released security updates for its Chrome browser to address a high-severity vulnerability, tracked as CVE-2026-2441, which has been exploited in the wild.
- A critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has come under active exploitation in the wild.
- Apple released patches for a zero-day flaw, tracked as CVE-2026-20700, which has been exploited in sophisticated cyber attacks against specific individuals.
New Threats and Techniques
A newly documented Linux botnet, SSHStalker, is using the Internet Relay Chat (IRC) communication protocol for command-and-control operations.
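IRC is an old C2 channel, and it is easy to spot once you look for its wire grammar rather than for a port number. The following detection logic is an added example, not code from the original article or from the SSHStalker research; it assumes only the RFC 1459 message format (optional `:prefix`, a command, middle parameters, optional `:trailing`) and that the analyst has already reassembled TCP payloads into text. The flows it scans are constructed samples, not real captures.

```python
"""Detect IRC-style command-and-control chatter in captured TCP flows.

Added example, not code from the original article or from the SSHStalker
research.  It assumes only the IRC wire grammar from RFC 1459 and that the
analyst has reassembled TCP payloads into text; the flows below are
constructed samples, not real captures.
"""
import re
from dataclasses import dataclass

# RFC 1459 message: [':' prefix SPACE] command [SPACE params] [SPACE ':' trailing]
IRC_MESSAGE = re.compile(
    r"^(?::(?P<prefix>\S+)\s+)?"          # optional ':server' or ':nick!user@host'
    r"(?P<command>[A-Za-z]+|\d{3})"      # verb or 3-digit numeric reply
    r"(?P<params>(?:\s+[^:\s]\S*)*)"     # middle params (never start with ':')
    r"(?:\s+:(?P<trailing>.*))?$"        # trailing param may contain spaces
)

# Verbs a bot must exchange to register and take orders; numeric replies also count.
IRC_VERBS = {"NICK", "USER", "JOIN", "PART", "PRIVMSG", "NOTICE",
             "PING", "PONG", "MODE", "TOPIC", "QUIT"}
WELL_KNOWN_IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697, 7000}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: str  # reassembled client+server text for the connection


@dataclass
class Verdict:
    flow: Flow
    is_c2: bool
    commands: list
    irc_lines: int
    total_lines: int
    nonstandard_port: bool


def parse_irc_line(line):
    """Return the parsed IRC message, or None if the line is not IRC."""
    m = IRC_MESSAGE.match(line.rstrip("\r\n"))
    if not m:
        return None
    command = m.group("command").upper()
    # The grammar alone also accepts 'GET / HTTP/1.1'; the verb allowlist rejects it.
    if command not in IRC_VERBS and not command.isdigit():
        return None
    return {
        "prefix": m.group("prefix"),
        "command": command,
        "params": m.group("params").split(),
        "trailing": m.group("trailing"),
    }


def assess_flow(flow):
    """Flag a flow when it shows IRC registration (NICK+USER) plus channel traffic."""
    lines = [l for l in flow.payload.splitlines() if l.strip()]
    parsed = [p for p in map(parse_irc_line, lines) if p is not None]
    commands = [p["command"] for p in parsed]
    seen = set(commands)
    registered = {"NICK", "USER"} <= seen
    tasking = bool(seen & {"JOIN", "PRIVMSG", "NOTICE"})
    return Verdict(
        flow=flow,
        is_c2=registered and tasking,
        commands=commands,
        irc_lines=len(parsed),
        total_lines=len(lines),
        nonstandard_port=flow.dport not in WELL_KNOWN_IRC_PORTS,
    )


def find_irc_c2(flows):
    """Return verdicts for every flow that looks like an IRC bot session."""
    return [v for v in map(assess_flow, flows) if v.is_c2]


# Constructed sample flows (not real captures).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.9", 8443,     # IRC hidden on an HTTPS-looking port
         "NICK x86-4f2a1c\r\n"
         "USER x86 8 * :x86\r\n"
         ":c2.example 001 x86-4f2a1c :Welcome\r\n"
         "JOIN #ops\r\n"
         ":op!op@c2.example PRIVMSG #ops :!scan 10.0.0.0/8\r\n"
         "PING :c2.example\r\n"
         "PONG :c2.example\r\n"),
    Flow("10.0.0.6", "198.51.100.4", 80,      # plain HTTP, must not match
         "GET /index.html HTTP/1.1\r\n"
         "Host: www.example.com\r\n"
         "User-Agent: curl/8.0\r\n\r\n"),
    Flow("10.0.0.7", "198.51.100.5", 22,      # SSH banner, must not match
         "SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for v in find_irc_c2(SAMPLE_FLOWS):
        print(f"{v.flow.src} -> {v.flow.dst}:{v.flow.dport} "
              f"irc={v.irc_lines}/{v.total_lines} cmds={sorted(set(v.commands))} "
              f"nonstandard_port={v.nonstandard_port}")
```

The check keys on behaviour (registration followed by channel tasking) rather than on port 6667, because a bot that tunnels IRC over 443 or 8443 still has to send NICK and USER before it can receive orders. The `nonstandard_port` flag is a triage hint, not a verdict: legitimate IRC on an odd port is rare in most enterprise networks, so it is worth a closer look.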
A threat cluster known as TeamPCP is systematically targeting misconfigured and exposed cloud-native environments to hijack infrastructure, expand its scale, and monetize its operations through cryptocurrency mining, proxyware, data theft, and extortion.
A new browser fingerprinting technique uses ad block filters to de-anonymize VPN users.
Nation-State Actors and Cyber Espionage
Nation-state hackers are targeting the defense industrial base (DIB) sector with a “relentless barrage” of cyber operations, including supply chain attacks, workforce infiltration, and intrusions that give their governments a strategic advantage on the battlefield.
China’s Tianfu Cup hacking contest has made its return in 2026, with a focus on domestic products from companies such as Huawei, Xiaomi, Tencent, and Qihoo 360.
Other Incidents and Developments
A Department of Defense (DoD) employee has been indicted for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian scammers.
A high-severity vulnerability has been disclosed in MUNGE, an authentication service used in high-performance computing clusters (for example alongside Slurm) to create and validate credentials.
A large-scale malware campaign has been exploiting trusted Google services to distribute Lumma Stealer and a trojanized Chromium-based Ninja Browser on Windows and Linux systems.
Walt Disney has agreed to a $2.75 million fine with the U.S. state of California for violating the state’s privacy law by making it difficult for consumers to opt out of having their data shared and sold.
Login credentials for a European fourth-party airport service portal have been discovered on underground forums, potentially allowing threat actors unauthorized access to an unnamed vendor’s Next Generation Operations Support System (NGOSS) systems at approximately 200 airports across multiple countries.
Cryptocurrency flows to suspected human trafficking services have grown 85% in 2025, reaching a scale of hundreds of millions across identified services.
A new threat attribution framework has been outlined by Trend Micro, which applies standardized evidence scoring, relationship mapping, and bias testing to reduce the risk of misattribution.
Palo Alto Networks has opted not to attribute a sprawling cyber espionage campaign, dubbed TGR-STA-1030, to China, despite the campaign exhibiting the hallmarks typically associated with a China-nexus espionage effort.
Taken together, these incidents show threats that range from legacy botnet tradecraft to cloud abuse and supply-chain exposure, and why even small security gaps still deserve close attention.
