Latest news as of 2/12/2026, 12:06:48 AM
The Hacker News
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been
Bleeping Computer
Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. [...]
Dark Reading
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.
Bleeping Computer
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. [...]
The Register
Add-ons with 37M installs leak visited URLs to 30+ recipients, researcher says They know where you've been and they're going to share it. A security researcher has identified 287 Chrome extensions that allegedly exfiltrate browsing history data for an estimated 37.4 million installations.…
Dark Reading
How a platform engineering team embeds supply chain security into infrastructure without slowing developers.
Bleeping Computer
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. [...]
Dark Reading
CISOs should focus on harnessing and securing AI and building new skills among their people. Vision and change management can transform security.
Bleeping Computer
The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. [...]
The Register
The more you share online, the more you open yourself to social engineering If you've seen the viral AI work pic trend where people are asking ChatGPT to "create a caricature of me and my job based on everything you know about me" and sharing it to social, you might think it's harmless. You'd be wrong.…