Cybersecurity

Cyber: Weekly Recap: Outlook Add-ins Hijack, 0-day Patches, Wormable...

2026-02-16 0 views admin
Cyber: Weekly Recap: Outlook Add-ins Hijack, 0-day Patches, Wormable...

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.

Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold.

Below is the full weekly recap — a condensed scan of the incidents, flaws, and campaigns shaping the threat landscape right now.

Malicious Outlook Add-in Turns Into Phishing Kit — In an unusual case of a supply chain attack, the legitimate AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. This was made possible by seizing control of a domain associated with the now-abandoned project to serve a fake Microsoft login page. The incident demonstrates how overlooked and abandoned assets turn into attack vectors. "What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they're distributed through Microsoft's own store, which carries implicit trust," Koi Security's Idan Dardikman said. Microsoft has since removed the add-in from its store.

Bridge the gap between technical expertise and board-level strategy. This free course teaches you to communicate risk and secure the budget you need.

New vulnerabilities surface daily, and attackers move fast. Reviewing and patching early keeps your systems resilient.

Here are this week’s most critical flaws to check first — CVE-2026-2441 (Google Chrome), CVE-2026-20700 (Apple iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS), CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 (Microsoft Windows), CVE-2026-1731 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2026-1774 (CASL Ability), CVE-2026-25639 (Axios), CVE-2026-25646 (libpng), CVE-2026-1357 (WPvivid Backup & Migration plugin), CVE-2026-0969 (next-mdx-remote), CVE-2026-25881 (SandboxJS), CVE-2025-66630 (Fiber v2), and a path traversal vulnerability in PyMuPDF (no CVE).

Disclaimer: These tools are provided for research and educational use only. They are not security-audited and may cause harm if misused. Review the code, test in controlled envi

Source: The Hacker News

🏷️ Tags

securityvulnerabilitycveattackthreat

More from Cybersecurity

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

2026-02-24 0
Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

2026-02-24 0
Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

2026-02-24 0
Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

2026-02-24 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views