AgreeTo Outlook add-in hit by cyberattack
Incident
Summary
The AgreeTo Outlook add-in was compromised when an attacker took over its abandoned domain and used it to deliver a fake Microsoft login page, putting users' credentials at risk. The phishing flow captured over 4,000 passwords before redirecting victims to the real sign-in page. The abuse shows how a trusted Outlook add-in can be subverted after its hosting infrastructure is abandoned.
Related Happenings
Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)
Vulnerability
First: 15.05.2026 09:19
Last: 15.05.2026 09:19
Sources 1
About this happening:
**CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...
Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025
Target Trend
First: 13.04.2026 18:00
Last: 13.04.2026 18:00
Sources 1
About this happening:
In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...
Microsoft Classic Outlook email sending disruption
Service Disruption
First: 02.04.2026 12:12
Last: 02.04.2026 12:12
Sources 1
About this happening:
**Microsoft** is investigating a **Classic Outlook** disruption that can prevent some users from sending or replying to email through **Outlook.com**, causing **NDR errors** and m...
Latest development: 06.04.2026 22:19
Microsoft fixed a known issue affecting some Classic Outlook users sending emails via Outlook.com that could return non-delivery reports (NDRs) with 0x80070005-0x0004dc-0x000524 errors. Microsoft said the service change was in production as of April 3, 2026, and advised affected users to use the New Outlook client or Outlook.com on the web; Microsoft also pointed users to downloading the Outlook Address Book for affected Outlook.com accounts.
Microsoft classic Outlook Gmail and Yahoo sync disruption
Service Disruption
First: 24.03.2026 17:12
Last: 24.03.2026 17:12
Sources 1
About this happening:
The **classic Outlook** synchronization failure affecting **Gmail** and **Yahoo** accounts has been fixed, restoring email access for impacted users. Microsoft said the bug produc...
Microsoft Azure Monitor callback phishing campaign
Campaign
First: 21.03.2026 16:09
Last: 21.03.2026 16:09
Sources 1
About this happening:
A **callback phishing campaign** is abusing **Microsoft Azure Monitor** alerts to send fake billing warnings through legitimate Microsoft mail flow, making the messages more belie...
Timeline
11.02.2026 19:45 2 articles · 3mo ago
Koi Security discloses AgreeTo Outlook add-in credential theft
Initial Disclosure
Koi Security identified a malicious AgreeTo Outlook add-in campaign after an attacker took control of the abandoned outlook-one.vercel[.]app URL, served a fake Microsoft sign-in page, exfiltrated entered credentials through the Telegram Bot API, and redirected victims to the real login page; the activity was said to have stolen over 4,000 credentials, and the add-in had last been updated in December 2022.
- First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials — thehackernews.com — 11.02.2026 19:45