IN this week’s recap, The Hacker News reports on an Outlook add-in incident where the legitimate AgreeTo add-in for Outlook was hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials, facilitated by taking control of a domain tied to a now-abandoned project to serve a fake Microsoft login page.
The story highlights how Office add-ins, run inside Outlook and able to request email-reading permissions, can be distributed through Microsoft’s store and exploited through trusted channels.
In other top news, Google released fixes for an actively exploited Chrome 0-day tracked as CVE-2026-2441 (CVSS 8.8), described as a use-after-free in CSS; BeyondTrust Remote Support and Privileged Remote Access patch CVE-2026-1731 (CVSS 9.9) after PoC exploit became visible in the wild; and Apple issued patches for CVE-2026-20700 across iOS, iPadOS, macOS Tahoe, tvOS, watchOS and visionOS following Threat Analysis Group discoveries.
Additionally, the recap notes a wormable Linux botnet named SSHStalker using IRC for C2, deploying via SSH scanning and brute force, and a campaign by TeamPCP targeting misconfigured cloud environments to monetise via mining, proxyware, data theft and extortion. According to The Hacker News, these incidents illustrate how trusted tools and cloud infrastructure can become entry points when assets are overlooked or abandoned.