Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, moder...

Outlook add-in goes rogue and steals 4,000 credentials and payment data

Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft account credentials, credit card numbers, and banking security answers. How is it possible that the Microsoft Office Add-in Store ended listing an add-in that silently loaded a phishing kit insid...

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fa...

EUVD-2018-10826

Malware in sbrugna...

EUVD-2016-5119

Malware in sbrugna...

EUVD-2001-1185

Malware in sbrugna...

EUVD-2020-4148

Malware in sbrugna...

EUVD-2019-7794

Malware in sbrugna...

EUVD-2023-49987

Malicious code in bioql PyPI...

EUVD-2021-8744

Malicious code in bioql PyPI...

Malicious code in ringcentral-google-drive-notification-add-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afbe2fb4071ec030a6a51319f5f0b9d45664bf8caba681cfac58bb60bd001cf0 The OpenSSF Package Analysis project identified 'ringcentral-google-drive-notification-add-in' @ 2.2.2 npm as malicious. It is considered...

July 1, 2025, update for Office 2016 (KB5002733)

July 1, 2025, update for Office 2016 KB5002733 This article describes update 5002733 for Microsoft Office 2016 that was released on July 1, 2025.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...

CVE-2024-29209

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...

CVE-2021-21470

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configurati...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Bigantsoft Bigant_Server

CVE-2025-0364: BigAntSoft BigAnt Server Account Registration B...

CVE-2019-17390

An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control is mishandled, aka PNB-2359...

June 4, 2024, update for Office 2016 (KB5002585)

June 4, 2024, update for Office 2016 KB5002585 This article describes update 5002585 for Microsoft Office 2016 that was released on June 4, 2024.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a security hole in the add-in interface...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an add-in interface crash in a lagging situation...

April 2, 2024, update for Office 2016 (KB5002452)

April 2, 2024, update for Office 2016 KB5002452 This article describes update 5002452 for Microsoft Office 2016 that was released on April 2, 2024.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...