
"This week's recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold."
"Malicious Outlook Add-in Turns Into Phishing Kit - In an unusual case of a supply chain attack, the legitimate AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. This was made possible by seizing control of a domain associated with the now-abandoned project to serve a fake Microsoft login page. The incident demonstrates how overlooked and abandoned assets turn into attack vectors."
Small gaps are turning into significant entry points for attackers, often via trusted tools, add-ons, cloud configurations, or routine workflows that receive little scrutiny. Attackers are combining legacy methods such as botnets with modern cloud abuse, AI assistance, and supply-chain exposure to exploit whichever path is easiest. A hijacked Outlook add-in (AgreeTo) was converted into a phishing kit by seizing an associated abandoned domain, leading to over 4,000 stolen Microsoft account credentials. Office add-ins can access and modify sensitive communications and are distributed through trusted stores, increasing risk. Google also patched an actively exploited Chrome 0-day use-after-free vulnerability.
Read at The Hacker News