This week’s recap shows how small gaps are turning into major entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.
Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold.
Below is the full weekly recap — a condensed scan of the incidents, flaws, and campaigns shaping the threat landscape right now.
⚡ Threat of the Week
Malicious Outlook Add-in Turns Into Phishing Kit — In an unusual case of a supply chain attack, the legitimate AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. This was made possible by seizing control of a domain associated with the now-abandoned project to serve a fake Microsoft login page. The incident demonstrates how overlooked and abandoned assets turn into attack vectors. “What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they’re distributed through Microsoft’s own store, which carries implicit trust,” Koi Security’s Idan Dardikman said. Microsoft has since removed the add-in from its store.
🔔 Top News
- Google Releases Fixes for Actively Exploited Chrome 0-Day — Google shipped security updates for its Chrome browser to address a flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS that could result in arbitrary code execution. Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that “an exploit for CVE-2026-2441 exists in the wild.” CVE-2026-2441 is the first actively exploited Chrome flaw patched by Google this year.
- BeyondTrust Flaw Comes Under Active Exploitation — A newly disclosed critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has come under active exploitation in the wild less than 24 hours after the publication of a proof-of-concept (PoC) exploit. The vulnerability in question is CVE-2026-1731 (CVSS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests. According to BeyondTrust, successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption. Data from GreyNoise revealed that a single IP accounted for 86% of all observed reconnaissance sessions so far.
- Apple Ships Patches for Actively Exploited 0-Day — Apple released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks against specific individuals on versions of iOS before iOS 26. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug. The issue has been addressed in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.
- SSHStalker Uses IRC for C2 — A newly documented Linux botnet named SSHStalker is using the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) operations. The SSHStalker botnet relies on classic IRC mechanics, prioritizing resilience, scale, and low-cost C2 over stealth and technical novelty. The toolkit achieves initial access through automated SSH scanning and brute forcing, using a Go binary that masquerades as the popular open-source network discovery utility nmap. Compromised hosts are then used to scan for additional SSH targets, allowing it to spread in a worm-like manner. Also dropped to infected hosts are payloads to escalate privileges using a catalog of 15-year-old CVEs, perform AWS key harvesting, and mine cryptocurrency. “What we actually found was a noisy, stitched-together botnet kit that combines old-school IRC control, compiling binaries on hosts, mass SSH compromise, and cron-based persistence,” Flare said, describing it as a “scale-first operation that favors reliability over stealth.”
- TeamPCP Turns Cloud Infrastructure into Cybercrime Bots — A threat cluster known as TeamPCP is systematically targeting misconfigured and exposed cloud native environments to hijack infrastructure, expand its scale, and monetize its operations through cryptocurrency mining, proxyware, data theft, and extortion. TeamPCP’s modus operandi involves scanning broad IP ranges for exposed Docker APIs, Kubernetes clusters, Redis servers, Ray dashboards, and systems susceptible to the React2Shell vulnerability in React Server Components. Once it gains access to a system, the threat actor deploys malicious Python and shell scripts that pull down additional payloads to install proxies, tunneling software, and other components that enable persistence even after server reboots. The varied end goals of the operation ensure that TeamPCP has multiple revenue streams, as “every compromised system becomes a scanner, a proxy, a miner, a data exfiltration node, and a launchpad for further attacks,” Flare said. “Kubernetes clusters are not merely breached; they are converted into distributed botnets.”
- State-Sponsored Hackers Use AI at All Stages of Attack Cycle — Google said it found evidence of nation-state hacking groups using its artificial intelligence (AI) chatbot Gemini at nearly every stage of the cyber attack cycle. The findings once again underscore how such tools are being increasingly integrated into malicious operations, even if they do not equip bad actors with novel capabilities. One major area of concern with AI abuse is automating the development of vulnerability exploitation, allowing attackers to move faster than the defenders, necessitating that companies respond quickly and fix security weaknesses. Gemini is being weaponized in other ways too, Google said, with some bad actors embedding its APIs directly into malicious code. This includes a new malware family called HONESTCUE that sends prompts to generate working code that the malware compiles and executes in memory. The prompts appear benign in isolation and “devoid of any context related to malware,” allowing them to bypass Gemini’s safety filters.
- Nation-State Hackers Go After Defense Industrial Base — Digital threats targeting the defense industrial base (DIB) sector are expanding beyond traditional espionage into supply chain attacks, workforce infiltration, and cyber operations that lend nations a strategic advantage on the battlefield. The development comes as the cyber domain becomes increasingly intertwined with national defense. Google Threat Intelligence Group said the DIB sector faces a “relentless barrage” of cyber operations conducted by state-sponsored actors and criminal groups. These activities are primarily driven by Chinese, Iranian, North Korean, and Russian threat actors. This is also complemented by pre-positioning efforts to gain covert access through zero-day vulnerabilities in edge network devices to maintain persistent access for future strategic advantage. “In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation,” the tech giant said.
🔥 Trending CVEs
New vulnerabilities surface every day, and attackers move fast. Reviewing and patching early keeps your systems resilient.
Here are this week’s most critical flaws to check first — CVE-2026-2441 (Google Chrome), CVE-2026-20700 (Apple iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS), CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 (Microsoft Windows), CVE-2026-1731 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2026-1774 (CASL Ability), CVE-2026-25639 (Axios), CVE-2026-25646 (libpng), CVE-2026-1357 (WPvivid Backup & Migration plugin), CVE-2026-0969 (next-mdx-remote), CVE-2026-25881 (SandboxJS), CVE-2025-66630 (Fiber v2), and a path traversal vulnerability in PyMuPDF (no CVE).
🎥 Cybersecurity Webinars
- Quantum-Ready Security: Preparing for Post-Quantum Cryptography Risks — Quantum computing is advancing fast and it could soon break today’s encryption. Attackers are already collecting encrypted data to decrypt later using quantum power. In this webinar, learn how post-quantum cryptography (PQC) protects sensitive data, ensures compliance, and prepares your organization for future threats. Discover practical strategies, hybrid encryption models, and real solutions from Zscaler to secure your business for the quantum era.
- AI Agents Are Expanding Your Attack Surface — Learn How to Secure Them — AI agents are no longer just chatbots; they browse the web, run code, and access company systems. This creates new security risks beyond prompts. In this session, Rahul Parwani explains how attackers target AI agents and what teams can do to protect them in real-world use.
- Faster Cloud Breach Analysis With Context-Aware Forensics — Cloud attacks don’t leave clear evidence, and traditional forensics can’t keep up. In this webinar, learn how context-aware forensics and AI help security teams investigate cloud incidents faster, capture the right host-level data, and reconstruct attacks in minutes instead of days, so you understand what happened and respond with confidence.
📰 Around the Cyber World
- DragonForce Ransomware Cartel Detailed — In a new analysis, S2W detailed the workings of DragonForce, a ransomware group active since December 2023 that operates under a Ransomware-as-a-Service (RaaS) model and promotes itself as a cartel to expand its influence. The group has carried out attacks against 363 companies from December 2023 to January 2026, while affiliating with LockBit and Qilin. DragonForce also maintains the RansomBay service to support affiliates with customized payload generation and configuration options. In addition, it’s active on several dark web forums, including BreachForums, RAMP, and Exploit, to advertise its RaaS operations and recruit pentesters. “DragonForce has been expanding its operational scope through attacks on other groups as well as through cooperative relationships, which is assessed as an effort to strengthen its position within the ransomware ecosystem,” S2W said.
- New Browser Fingerprinting Technique Uses Ad Block Filters — As browser fingerprinting techniques continue to evolve, new research has found that country-specific adblock filter lists installed in the browser can be used to de-anonymize VPN users. The technique has been codenamed Adbleed by security researcher Melvin Lammerts. “Users of ad blockers with country-specific filter lists (e.g., EasyList Germany, Liste FR) can be partially de-anonymized even when using a VPN,” the researcher said. “By probing blocked domains unique to each country’s filter list, we can determine which lists are active, revealing the user’s likely country or language. If 20+ out of 30 probed domains are blocked immediately, we conclude that the country’s filter list is active.”
- China’s Tianfu Cup Makes a Quiet Return in 2026 — China’s Tianfu Cup hacking contest made its return in 2026, and is now being overseen by the government. Tianfu Cup was launched in 2018 as an alternative to the Zero Day Initiative’s Pwn2Own competition to expose critical vulnerabilities in consumer and enterprise hardware and software, industrial control systems, and automotive products. Tianfu Cup attracted attention in 2021 when participants earned a total of $1.88 million for exploits targeting Windows, Ubuntu, iOS, Safari, Google Chrome, Microsoft Exchange, Adobe Reader, Docker, and VMware. While Tianfu Cup skipped 2022, 2024, and 2025, it popped up in 2023 with a focus on domestic products from companies such as Huawei, Xiaomi, Tencent, and Qihoo 360. After a two-year hiatus in 2024 and 2025, Tianfu Cup once again reappeared late last month. According to Natto Thoughts, the hacking competition is now organized by China’s Ministry of Public Security (MPS). With regulations implemented by China in 2021 requiring citizens to report zero-day vulnerabilities to the government, this has raised concerns that Chinese nation-state threat actors have been leveraging the regulation to stockpile zero-days for cyber espionage operations.
- DoD Employee Indicted for Moonlighting as a Money Mule — A Department of Defense (DoD) employee, Samuel D. Marcus, has been indicted in the U.S. for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian scammers. Marcus has been charged with one count of conspiracy to commit money laundering, six counts of illegal monetary transactions, and one count of money laundering. “From approximately July 2023 to December 2025, while employed as a Logistics Specialist with the Department of Defense, the defendant was in direct and regular contact with a group of Nigeria-based fraudsters, who operated under the aliases ‘Rachel Jude’ and ‘Ned McMurray,’ among others,” the U.S. Justice Department (DoJ) said. “These fraudsters engaged in a variety of wire fraud schemes that targeted victims based in the United States, including romance fraud, cyber fraud, tax fraud, financing fraud, and business email compromise schemes, to which victims lost millions of dollars.” The indictment alleged that the defendant and other money mules conducted a series of financial transactions to convert fraud victim funds deposited into their accounts into cryptocurrency and to move those funds into foreign accounts. If convicted, Marcus faces a maximum potential sentence of 100 years’ imprisonment, three years’ supervised release, and a $2 million fine.
- Palo Alto Networks Chose Not to Tie TGR-STA-1030 to China — In a report published last week, Reuters said Palo Alto Networks Unit 42 opted not to attribute to China a sprawling cyber espionage campaign dubbed TGR-STA-1030 that it said broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year. The decision was motivated “over concerns that the cybersecurity company or its clients could face retaliation from Beijing,” the news agency said. It’s worth noting that the campaign exhibits hallmarks typical of a China-nexus espionage effort, not least because of the use of tools like Behinder, neo-reGeorg, and Godzilla, which have primarily been known to be used by Chinese hacking groups in the past.
- Trend Micro Details New Threat Actor Taxonomy — Trend Micro has outlined a new threat attribution framework that applies standardized evidence scoring, relationship mapping, and bias testing to reduce the risk of misattribution. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. “Strong attribution comes from weighing evidence appropriately,” Trend Micro said. “Not all evidence carries the same weight, and effective attribution depends on separating high-value intelligence from disposable indicators. Attribution confidence comes from indicators that persist over time. Quantifying evidence quality through consistent scoring prevents analysts from overvaluing noise or intuition, helps challenge assumptions, and keeps the focus on indicators that genuinely strengthen the overall attribution case rather than isolated data points that don’t move it forward.”
- Cryptocurrency Flows to Suspected Human Trafficking Services Surge — Cryptocurrency flows to suspected human trafficking services, largely based in Southeast Asia, grew 85% in 2025, reaching a scale of hundreds of millions across identified services. “This surge in cryptocurrency flows to suspected human trafficking services is not occurring in isolation, but is closely aligned with the growth of Southeast Asia–based scam compounds, online casinos and gambling sites, and Chinese-language money laundering (CMLN) and guarantee networks operating largely via Telegram, all of which form a rapidly expanding local illicit ecosystem with global reach and impact,” Chainalysis said.
- Security Flaw in Munge — A high-severity vulnerability has been disclosed in Munge that could allow a local attacker to leak cryptographic key material from process memory and use it to forge arbitrary Munge credentials to impersonate any user, including root, to services that rely on it for authentication. Munge is an authentication service for creating and validating user credentials that is designed for use in high-performance computing (HPC) cluster environments. The vulnerability, tracked as CVE-2026-25506 (CVSS score: 7.7), has been present in the codebase for about 20 years, per Lexfo. It affects every version up to 0.5.17, and has been addressed in version 0.5.18, released on February 10, 2026. “This vulnerability can be exploited locally to leak the Munge secret key, allowing an attacker to forge arbitrary Munge tokens, valid across the cluster,” Lexfo said. “In a way, this is a local privilege escalation in the context of high-performance computers.”
- New Campaign Distributes Lumma Stealer and Trojanized Chromium-Based Ninja Browser — A large-scale malware campaign has been exploiting trusted Google services, including Google Groups, Google Docs, and Google Drive, to distribute Lumma Stealer and a trojanized Chromium-based Ninja Browser on Windows and Linux systems. The attack chain involves the threat actor embedding malicious download links disguised as software updates, often using URL shorteners, in Google Groups to trick users into installing malware. Central to the attack is the abuse of the inherent trust associated with Google-hosted platforms to bypass conventional security controls and increase the likelihood of successful compromise. “The operation leverages more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs to embed deceptive download links within legitimate-looking discussions, targeting organizations worldwide,” CTM360 said. “The campaign dynamically redirects victims based on the operating system, delivering an oversized, obfuscated Lumma payload to Windows users and a persistence-enabled malicious browser to Linux systems.”
- Disney Agrees to $2.75M Fine for Data Privacy Violations — Walt Disney has agreed to a $2.75 million fine with the U.S. state of California in response to allegations that it broke the state’s privacy law, the California Consumer Privacy Act, by making it difficult for consumers to opt out of having their data shared and sold. The company has also agreed to implement opt-out methods that fully stop Disney’s sale or sharing of consumers’ personal information. “Consumers should not have to go to infinity and beyond to assert their privacy rights,” said California Attorney General Rob Bonta. “California’s nation-leading privacy law is clear: A consumer’s opt-out right applies wherever and however a business sells data — businesses can’t force people to go device-by-device or service-by-service. In California, asking a business to stop selling your data should not be complicated or cumbersome. My office is committed to the continued enforcement of this critical privacy law.”
- Leaked Credentials Exposed Airport Systems to Security Risks — CloudSEK said it discovered login credentials for a European fourth-party airport service portal being circulated on underground forums, potentially allowing threat actors unauthorized access to an unnamed vendor’s Next Generation Operations Support System (NGOSS) systems at roughly 200 airports across several countries. “The portal, which served as the central control panel for over 200 client airports, lacked Multi-Factor Authentication (MFA),” CloudSEK said. “No breach occurred — but the potential for one was immediate and severe.”
🔧 Cybersecurity Tools
- SCAM (Security Comprehension Awareness Measure) — It’s a benchmark by 1Password that tests how safely AI agents handle sensitive information in real workplace situations. Instead of asking agents to identify obvious scams, it places them inside everyday tasks—email, credentials, web forms—where hidden threats like phishing links and fake domains appear naturally. The goal is to measure whether AI can recognize, avoid, and report risks before damage happens.
- Quantickle — It’s a browser-based graph visualization tool designed to help analysts map and explore threat intelligence data. It turns complex relationships—IPs, domains, malware, actors—into interactive network graphs, making patterns, connections, and attack paths easier to see, investigate, and explain.
Disclaimer: These tools are provided for research and educational use only. They are not security-audited and may cause harm if misused. Review the code, test in controlled environments, and comply with all applicable laws and policies.
Conclusion
Taken together, these incidents show how threat activity is spreading across every layer. User tools, enterprise software, cloud infrastructure, and national systems are all in scope. The entry points differ, but the goal remains the same: gain access quietly, then scale impact over time.
The stories above are not isolated alerts. Read as a whole, they outline where pressure is building next and where defenses are most likely to be tested in the weeks ahead.