Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.

Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold.

Below is the full weekly recap — a condensed scan of the incidents, flaws, and campaigns shaping the threat landscape right now.

⚡ Threat of the Week

Malicious Outlook Add-in Turns Into Phishing Kit — In an unusual case of a supply chain attack, the legitimate AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. This was made possible by seizing control of a domain associated with the now-abandoned project to serve a fake Microsoft login page. The incident demonstrates how overlooked and abandoned assets turn into attack vectors. “What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they’re distributed through Microsoft’s own store, which carries implicit trust,” Koi Security’s Idan Dardikman said. Microsoft has since removed the add-in from its store. 

Can You Quantify Risk to Your Board?

Bridge the gap between technical expertise and board-level strategy. This free course teaches you to communicate risk and secure the budget you need.

Get Certified Free ➝

🔔 Top News

• Google Releases Fixes for Actively Exploited Chrome 0-Day — Google shipped security updates for its Chrome browser to address a flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS that could result in arbitrary code execution. Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that “an exploit for CVE-2026-2441 exists in the wild.” CVE-2026-2441 is the first actively exploited Chrome flaw patched by Google this year.
• BeyondTrust Flaw Comes Under Active Exploitation — A newly disclosed critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has come under active exploitation in the wild less than 24 hours after the publication of a proof-of-concept (PoC) exploit. The vulnerability in question is CVE-2026-1731 (CVS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests. According to BeyondTrust, successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption. Data from GreyNoise revealed that a single IP accounted for 86% of all observed reconnaissance sessions so far.
• Apple Ships Patches for Actively Exploited 0-Day — Apple released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks against specific individuals on versions of iOS before iOS 26. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug. The issue has been addressed in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
• SSHStalker Uses IRC for C2 — A newly documented Linux botnet named SSHStalker is using the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) operations. The SSHStalker botnet relies on classic IRC mechanics, prioritizing resilience, scale, and low-cost C2 over stealth and technical novelty. The toolkit achieves initial access through automated SSH scanning and brute forcing, using a Go binary that masquerades as the popular open-source network discovery utility nmap. Compromised hosts are then used to scan for additional SSH targets, allowing it to spread in a worm-like manner. Also dropped to infected hosts are payloads to escalate privileges using a catalog of 15-year-old CVEs, perform AWS key harvesting, and cryptocurrency mining. “What we actually found was a loud, stitched-together botnet kit that mixes old-school IRC control, compiling binaries on hosts, mass SSH compromise, and cron-based persistence,” Flare said, describing it as a “scale-first operation that favors reliability over stealth.”
• TeamPCP Turns Cloud Infrastructure into Cybercrime Bots — A threat cluster known as TeamPCP is systematically targeting misconfigured and exposed cloud native environments to hijack infrastructure, expand its scale, and monetize its operations through cryptocurrency mining, proxyware, data theft, and extortion. TeamPCP’s modus operandi involves scanning broad IP ranges for exposed Docker APIs, Kubernetes clusters, Redis servers, Ray dashboards, and systems susceptible to the React2Shell vulnerability in React Server Components. Once it gains access to a system, the threat actor deploys malicious Python and Shell scripts that pull down additional payloads to install proxies, tunneling software, and other components that enable persistence even after server reboots. The varied end goals of the operation ensure that TeamPCP has several revenue streams as “every compromised system becomes a scanner, a proxy, a miner, a data exfiltration node, and a launchpad for further attacks,” Flare said. “Kubernetes clusters are not merely breached; they are converted into distributed botnets.”
• State-Sponsored Hackers Use AI at All Stages of Attack Cycle — Google said it found evidence of nation-state hacking groups using its artificial intelligence (AI) chatbot Gemini at nearly every stage of the cyber attack cycle. The findings once again underscore how such tools are being increasingly integrated into malicious operations, even if they don’t equip bad actors with novel capabilities. One major area of concern with AI abuse is automating the development of vulnerability exploitation, allowing attackers to move faster than the defenders, necessitating that companies respond quickly and fix security weaknesses. Gemini is being weaponized in other ways too, Google said, with some bad actors embedding its APIs directly into malicious code. This includes a new malware family called HONESTCUE that sends prompts to generate working code that the malware compiles and executes in memory. The prompts appear benign in isolation and “devoid of any context related to malware,” allowing them to bypass Gemini’s safety filters.
• Nation-State Hackers Go After Defense Industrial Base — Digital threats targeting the defense industrial base (DIB) sector are expanding beyond traditional espionage into supply chain attacks, workforce infiltration, and cyber operations that lend nations a strategic advantage on the battlefield. The development comes as the cyber domain becomes increasingly intertwined with national defense. Google Threat Intelligence Group said the DIB sector faces a “relentless barrage” of cyber operations conducted by state-sponsored actors and criminal groups. These activities are primarily driven by Chinese, Iranian, North Korean, and Russian threat actors. This is also complemented by pre-positioning efforts to gain covert access through zero-day vulnerabilities in edge network devices to maintain persistent access for future strategic advantage. “In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation,” the tech giant said.

‎️‍🔥 Trending CVEs

New vulnerabilities surface daily, and attackers move fast. Reviewing and patching early keeps your systems resilient.

Here are this week’s most critical flaws to check first — CVE-2026-2441 (Google Chrome), CVE-2026-20700 (Apple iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS), CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 (Microsoft Windows), CVE-2026-1731 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2026-1774 (CASL Ability), CVE-2026-25639 (Axios), CVE-2026-25646 (libpng), CVE-2026-1357 (WPvivid Backup & Migration plugin), CVE-2026-0969 (next-mdx-remote), CVE-2026-25881 (SandboxJS), CVE-2025-66630 (Fiber v2), and a path traversal vulnerability in PyMuPDF (no CVE).

🎥 Cybersecurity Webinars

• Quantum-Ready Security: Preparing for Post-Quantum Cryptography Risks — Quantum computing is advancing fast and it could soon break today’s encryption. Attackers are already collecting encrypted data to decrypt later using quantum power. In this webinar, learn how post-quantum cryptography (PQC) protects sensitive data, ensures compliance, and prepares your organization for future threats. Discover practical strategies, hybrid encryption models, and real solutions from Zscaler to secure your business for the quantum era.
• AI Agents Are Expanding Your Attack Surface — Learn How to Secure Them — AI agents are no longer just chatbots; they browse the web, run code, and access company systems. This creates new security risks beyond prompts. In this session, Rahul Parwani explains how attackers target AI agents and what teams can do to protect them in real-world use.
• Faster Cloud Breach Analysis With Context-Aware Forensics — Cloud attacks don’t leave clear evidence, and traditional forensics can’t keep up. In this webinar, learn how context-aware forensics and AI help security teams investigate cloud incidents faster, capture the right host-level data, and reconstruct attacks in minutes instead of days, so you understand what happened and respond with confidence.

📰 Around the Cyber World

• DragonForce Ransomware Cartel Detailed — In a new analysis, S2W detailed the workings of DragonForce, a ransomware group active since December 2023 that operates under a Ransomware-as-a-Service (RaaS) model and promotes itself as a cartel to expand its influence. The group has carried out attacks against 363 companies from December 2023 to January 2026, while affiliating with LockBit and Qilin. DragonForce also maintains the RansomBay service to support affiliates with customized payload generation and configuration options. In addition, it is active on several dark web forums, including BreachForums, RAMP, and Exploit to advertise its RaaS operations and recruit pentesters. “DragonForce has been expanding its operational scope through attacks on other groups as well as through cooperative relationships, which is assessed as an effort to strengthen its position within the ransomware ecosystem,” S2W said.
• New Browser Fingerprinting Technique Uses Ad Block Filters — Aș browser fingerprinting techniques continue to evolve, new research has found that country-specific adblock filter lists installed on the browser can be used to de-anonymize VPN users. The approach has been codenamed Adbleed by security researcher Melvin Lammerts. “Users of ad blockers with country-specific filter lists (e.g., EasyList Germany, Liste FR) can be partially de-anonymized even when using a VPN,” the researcher said. “By probing blocked domains unique to each country’s filter list, we can identify which lists are active, revealing the user’s likely country or language. If 20+ out of 30 probed domains are blocked instantly, we conclude that the country’s filter list is active.”
• China’s Tianfu Cup Makes a Quiet Return in 2026 — China’s Tianfu Cup hacking contest made its return in 2026, and is now being overseen by the government. Tianfu Cup was launched in 2018 as an alternative to the Zero Day Initiative’s Pwn2Own competition to demonstrate critical vulnerabilities in consumer and enterprise hardware and software, industrial control systems, and automotive products. Tianfu Cup attracted attention in 2021 when participants earned a total of $1.88 million for exploits targeting Windows, Ubuntu, iOS, Safari, Google Chrome, Microsoft Exchange, Adobe Reader, Docker, and VMware. While Tianfu Cup skipped 2022, 2024, and 2025, it popped up in 2023 with a focus on domestic products from companies such as Huawei, Xiaomi, Tencent, and Qihoo 360. After a two-year hiatus in 2024 and 2025, Tianfu Cup once again reappeared late last month. According to Natto Thoughts, the hacking competition is now organized by China’s Ministry of Public Security (MPS). With regulations implemented by China in 2021 requiring citizens to report zero-day vulnerabilities to the government, it has raised concerns that Chinese nation-state threat actors have been leveraging the law to stockpile zero-days for cyber espionage operations.
• DoD Employee Indicted for Moonlighting as a Money Mule — A Department of Defense (DoD) employee, Samuel D. Marcus, has been indicted in the U.S. for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian scammers. Marcus has been charged with one count of conspiracy to commit money laundering, six counts of illegal monetary transactions, and one count of money laundering. “From approximately July 2023 to December 2025, while employed as a Logistics Specialist with the Department of Defense, the defendant was in direct and regular contact with a group of Nigeria-based fraudsters, who operated under the aliases ‘Rachel Jude’ and ‘Ned McMurray,’ among others,” the U.S. Justice Department (DoJ) said. “These fraudsters engaged in a variety of wire fraud schemes that targeted victims based in the United States, including romance fraud, cyber fraud, tax fraud, financing fraud, and business email compromise schemes, to which victims lost millions of dollars.” The indictment alleged that the defendant and other money mules conducted a series of financial transactions to convert fraud victim funds deposited into their accounts into cryptocurrency and to move those funds into foreign accounts. If convicted, Marcus faces a maximum possible sentence of 100 years’ imprisonment, three years’ supervised release, and a $2 million fine.
• Palo Alto Networks Chose Not to tie TGR-STA-1030 to China — In a report published last week, Reuters said Palo Alto Networks Unit 42 opted not to attribute China to a sprawling cyber espionage campaign dubbed TGR-STA-1030 that it said broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year. The decision was motivated “over concerns that the cybersecurity company or its clients could face retaliation from Beijing,” the news agency said. It’s worth noting that the campaign exhibits typical hallmarks associated with a typical China-nexus espionage effort, not least because of the use of tools like Behinder, neo-reGeorg, and Godzilla, which have been primarily identified as used by Chinese hacking groups in the past.
• Trend Micro Details New Threat Actor Taxonomy — Trend Micro has outlined a new threat attribution framework that applies standardized evidence scoring, relationship mapping, and bias testing to reduce the risk of misattribution. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. “Strong attribution comes from weighing evidence correctly,” Trend Micro said. “Not all evidence carries the same weight, and effective attribution depends on separating high-value intelligence from disposable indicators. Attribution confidence comes from signals that persist over time. Quantifying evidence quality through consistent scoring prevents analysts from overvaluing noise or intuition, helps challenge assumptions, and keeps the focus on signals that genuinely strengthen the overall attribution case rather than isolated data points that do not move it forward.”
• Cryptocurrency Flows to Suspected Human Trafficking Services Surge — Cryptocurrency flows to suspected human trafficking services, largely based in Southeast Asia, grew 85% in 2025, reaching a scale of hundreds of millions across identified services. “This surge in cryptocurrency flows to suspected human trafficking services is not happening in isolation, but is closely aligned with the growth of Southeast Asia–based scam compounds, online casinos and gambling sites, and Chinese-language money laundering (CMLN) and guarantee networks operating largely via Telegram, all of which form a rapidly expanding local illicit ecosystem with global reach and impact,” Chainalysis said.
• Security Flaw in Munge — A high-severity vulnerability has been disclosed in Munge that could allow a local attacker to leak cryptographic key material from process memory, and use it to forge arbitrary Munge credentials to impersonate any user, including root, to services that rely on it for authentication. Munge is an authentication service for creating and validating user credentials that’s designed for use in high-performance computing (HPC) cluster environments. The vulnerability, tracked as CVE-2026-25506 (CVSS score: 7.7), has been present in the codebase for approximately 20 years, per Lexfo. It affects every version up to 0.5.17, and has been addressed in version 0.5.18, released on February 10, 2026. “This vulnerability can be exploited locally to leak the Munge secret key, allowing an attacker to forge arbitrary Munge tokens, valid across the cluster,” Lexfo said. “In a way, this is a local privilege escalation in the context of high-performance computers.”
• New Campaign Distributes Lumma Stealer and Trojanized Chromium-Based Ninja Browser — A large-scale malware campaign has been exploiting trusted Google services, including Google Groups, Google Docs, and Google Drive, to distribute Lumma Stealer and a trojanized Chromium-based Ninja Browser on Windows and Linux systems. The attack chain involves the threat actor embedding malicious download links disguised as software updates, often using URL shorteners, in Google Groups to trick users into installing malware. Central to the attack is the abuse of the inherent trust associated with Google-hosted platforms to bypass conventional security controls and increase the likelihood of successful compromise. “The operation leverages more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs to embed deceptive download links within legitimate-looking discussions, targeting organizations worldwide,” CTM360 said. “The campaign dynamically redirects victims based on the operating system, delivering an oversized, obfuscated Lumma payload to Windows users and a persistence-enabled malicious browser to Linux systems.”
• Disney Agrees to $2.75M Fine for Data Privacy Violations — Walt Disney has agreed to a $2.75 million fine with the U.S. state of California in response to allegations that it broke the state’s privacy law, the California Consumer Protection Act, by making it difficult for consumers to opt out of having their data shared and sold. The company has also agreed to implement opt-out methods that fully stop Disney’s sale or sharing of consumers’ personal information. “Consumers shouldn’t have to go to infinity and beyond to assert their privacy rights,” said California Attorney General Rob Bonta. “California’s nation-leading privacy law is clear: A consumer’s opt-out right applies wherever and however a business sells data — businesses can’t force people to go device-by-device or service-by-service. In California, asking a business to stop selling your data should not be complicated or cumbersome. My office is committed to the continued enforcement of this critical privacy law.”
• Leaked Credentials Exposed Airport Systems to Security Risks — CloudSEK said it discovered login credentials for a European fourth-party airport service portal being circulated on underground forums, potentially allowing threat actors unauthorized access to an unnamed vendor’s Next Generation Operations Support System (NGOSS) systems at approximately 200 airports across multiple countries. “The portal, which served as the central control panel for over 200 client airports, lacked Multi-Factor Authentication (MFA),” CloudSEK said. “No breach occurred — but the potential for one was immediate and severe.”

🔧 Cybersecurity Tools

• SCAM (Security Comprehension Awareness Measure) — It is a benchmark by 1Password that tests how safely AI agents handle sensitive information in real workplace situations. Instead of asking agents to identify obvious scams, it places them inside everyday tasks—email, credentials, web forms—where hidden threats like phishing links and fake domains appear naturally. The goal is to measure whether AI can recognize, avoid, and report risks before damage happens.
• Quantickle — It is a browser-based graph visualization tool designed to help analysts map and explore threat intelligence data. It turns complex relationships—IPs, domains, malware, actors—into interactive network graphs, making patterns, connections, and attack paths easier to see, investigate, and explain.

Disclaimer: These tools are provided for research and educational use only. They are not security-audited and may cause harm if misused. Review the code, test in controlled environments, and comply with all applicable laws and policies.

Conclusion

Taken together, these incidents show how threat activity is spreading across every layer. User tools, enterprise software, cloud infrastructure, and national systems are all in scope. The entry points differ, but the objective stays the same: gain access quietly, then scale impact over time.

The stories above are not isolated alerts. Read as a whole, they outline where pressure is building next and where defenses are most likely to be tested in the weeks ahead.