Outlook Add-Ins Hijacked: 0-Day Patches, Wormable Botnets, and AI Malware Threats
Legitimate Outlook Add-in Hijacked to Steal Microsoft Credentials
A legitimate Outlook add-in, AgreeTo, has been compromised and transformed into a phishing kit, resulting in the theft of over 4,000 Microsoft account credentials. The attackers seized control of a domain associated with the abandoned project to serve a fake Microsoft login page. This incident highlights the risks of overlooked and abandoned assets becoming attack vectors.
According to Koi Security’s Idan Dardikman, “Office add-ins are particularly concerning due to their ability to run inside Outlook, request permissions to read and modify emails, and being distributed through Microsoft’s own store, which carries implicit trust.”
Microsoft has since removed the add-in from its store.
Google Patches Actively Exploited Chrome 0-Day
Google has released security updates for its Chrome browser to address a high-severity vulnerability (CVE-2026-2441) that has been exploited in the wild. The use-after-free bug in CSS could result in arbitrary code execution. While Google did not disclose details about the exploitation, it acknowledged that an exploit exists in the wild.
BeyondTrust Flaw Under Active Exploitation
A critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products (CVE-2026-1731) has come under active exploitation less than 24 hours after the publication of a proof-of-concept exploit. The vulnerability could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests.
Apple Patches Actively Exploited 0-Day
Apple has released updates to address a zero-day flaw (CVE-2026-20700) that has been exploited in sophisticated cyber attacks against specific individuals on versions of iOS before iOS 26. The memory corruption issue in dyld could allow an attacker to execute arbitrary code on susceptible devices.
SSHStalker Botnet Uses IRC for Command-and-Control
A newly documented Linux botnet, SSHStalker, uses the Internet Relay Chat (IRC) communication protocol for command-and-control operations. The botnet relies on classic IRC mechanics, prioritizing resilience, scale, and low-cost C2 over stealth and technical novelty.
TeamPCP Hijacks Cloud Infrastructure for Cybercrime
A threat cluster, TeamPCP, is systematically targeting misconfigured and exposed cloud-native environments to hijack infrastructure, grow its footprint, and monetize its operations through cryptocurrency mining, proxyware, data theft, and extortion.
Nation-State Hackers Target Defense Industrial Base
Digital threats targeting the defense industrial base sector are expanding beyond traditional espionage into supply chain attacks, workforce infiltration, and cyber operations that lend nations a strategic advantage on the battlefield.
Google Threat Analysis Group Discovers Apple 0-Day
Google Threat Analysis Group has been credited with discovering and reporting the Apple 0-day flaw (CVE-2026-20700). The issue has been addressed in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
Tianfu Cup Hacking Contest Makes Quiet Return
China’s Tianfu Cup hacking contest has made its return in 2026, and is now being overseen by the government. The contest was launched in 2018 as an alternative to the Zero Day Initiative’s Pwn2Own competition.
Munge Vulnerability Exposes Cryptographic Key Material
A high-severity vulnerability in Munge (CVE-2026-25506) could allow a local attacker to leak cryptographic key material from process memory, and use it to forge arbitrary Munge credentials to impersonate any user, including root, to services that rely on it for authentication.
Lumma Stealer and Trojanized Chromium-Based Ninja Browser Distributed
A large-scale malware campaign has been exploiting trusted Google services to distribute Lumma Stealer and a trojanized Chromium-based Ninja Browser on Windows and Linux systems.
Disney Agrees to $2.75M Fine for Data Privacy Violations
Walt Disney has agreed to a $2.75 million fine with the U.S. state of California in response to allegations that it broke the state’s privacy law, the California Consumer Protection Act.
Leaked Credentials Expose Airport Systems to Security Risks
Login credentials for a European fourth-party airport service portal have been discovered being circulated on underground forums, potentially allowing threat actors unauthorized access to an unnamed vendor’s Next Generation Operations Support System (NGOSS) systems at approximately 200 airports across multiple countries.
