This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.
Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold.
Below is the full weekly recap — a condensed scan of the incidents, flaws, and campaigns shaping the threat landscape right now.
âš¡ Threat of the Week
Malicious Outlook Add-in Turns Into Phishing Kit — In an unusual case of a supply chain attack, the legitimate AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. This was made possible by seizing control of a domain associated with the now-abandoned project to serve a fake Microsoft login page. The incident demonstrates how overlooked and abandoned assets turn into attack vectors. “What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they’re distributed through Microsoft’s own store, which carries implicit trust,” Koi Security’s Idan Dardikman said. Microsoft has since removed the add-in from its store.Â
🔔 Top News
- Google Releases Fixes for Actively Exploited Chrome 0-Day — Google shipped security updates for its Chrome browser to address a flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS that could result in arbitrary code execution. Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that “an exploit for CVE-2026-2441 exists in the wild.” CVE-2026-2441 is the first actively exploited Chrome flaw patched by Google this year.
- BeyondTrust Flaw Comes Under Active Exploitation — A newly disclosed critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has come under active exploitation in the wild less than 24 hours after the publication of a proof-of-concept (PoC) exploit. The vulnerability in question is CVE-2026-1731 (CVS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests. According to BeyondTrust, successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption. Data from GreyNoise revealed that a single IP accounted for 86% of all observed reconnaissance sessions…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
