Bleeping Computer

Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts

The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook ...
Bleeping Computer

Fake Microsoft Office add-in tools push malware via SourceForge

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. SourceForge.net is a legitimate software ...
Computerworld

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, ...