First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Published: 3 days ago (February 11, 2026 at 12:45 PM EST)

1 min read

Source: The Hacker News

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add‑in detected in the wild.

In this unusual supply‑chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now‑abandoned legitimate add‑in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been

Back to Blog

Unofficial 7-zip.com website served up malware-laden downloads for over a week — infected PCs forced into a proxy botnet

!Trojan horsehttps://cdn.mos.cms.futurecdn.net/MgvjDybqUb2CUUwwo9R23K.jpg Image credit: Getty Images When setting up a new PC, installing a utility like 7‑zip,...

Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users

Overview Microsoft has rolled out fixes for security vulnerabilities in Windows and Office that are being actively abused by hackers to break into users’ compu...

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

markdown Phishing Letters Targeting Hardware Wallet Users !Ledger & Trezor phishing letter examplehttps://www.bleepstatic.com/content/hl-images/2026/02/13/ledge...

Skip the new laptop and modernize your PC instead with Windows 11 Pro for $12.97

TL;DR: Upgrade your PC with Microsoft Windows 11 Pro for just $12.97 regular $199 – a limited‑time deal that delivers a faster, safer, and more up‑to‑date Windo...

Related posts

Unofficial 7-zip.com website served up malware-laden downloads for over a week — infected PCs forced into a proxy botnet

Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

Skip the new laptop and modernize your PC instead with Windows 11 Pro for $12.97