Find notable cyber news and cases, enriched with sources, timelines, and signals.

AgreeTo Outlook add-in hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The AgreeTo Outlook add-in was compromised when an attacker took over its abandoned domain and used it to deliver a fake Microsoft login page, putting users' credentials at risk. The phishing flow captured over 4,000 passwords before redirecting victims to the real sign-in page. The abuse shows how a trusted Outlook add-in can be subverted after its hosting infrastructure is abandoned.

Related Happenings

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
H score37 First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing** vulnerability in **on-premises Microsoft Exchange Server** that can lead to **arbitrary JavaScript execution** in a br...

Latest development: 09.06.2026 20:57

Microsoft identifies CVE-2026-42897 in Microsoft Exchange Server as an actively exploited spoofing vulnerability that can lead to JavaScript execution in a target’s browser when a specially crafted email is opened in Outlook Web Access under certain interaction conditions. Microsoft says mitigations are being pushed through the Exchange Emergency Mitigation Service while it continues work on the full update.

Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025

Trend
H score6 First: 13.04.2026 18:00 Last: 13.04.2026 18:00 Sources 1

About this happening: In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...

Microsoft Classic Outlook email sending disruption

Service Disruption
H score0 First: 02.04.2026 12:12 Last: 02.04.2026 12:12 Sources 1

About this happening: **Microsoft** is investigating a **Classic Outlook** disruption that can prevent some users from sending or replying to email through **Outlook.com**, causing **NDR errors** and m...

Latest development: 06.04.2026 22:19

Microsoft fixed a known issue affecting some Classic Outlook users sending emails via Outlook.com that could return non-delivery reports (NDRs) with 0x80070005-0x0004dc-0x000524 errors. Microsoft said the service change was in production as of April 3, 2026, and advised affected users to use the New Outlook client or Outlook.com on the web; Microsoft also pointed users to downloading the Outlook Address Book for affected Outlook.com accounts.

Microsoft classic Outlook Gmail and Yahoo sync disruption

Service Disruption
H score0 First: 24.03.2026 17:12 Last: 24.03.2026 17:12 Sources 1

About this happening: The **classic Outlook** synchronization failure affecting **Gmail** and **Yahoo** accounts has been fixed, restoring email access for impacted users. Microsoft said the bug produc...

Microsoft Azure Monitor callback phishing campaign

Campaign
H score29 First: 21.03.2026 16:09 Last: 21.03.2026 16:09 Sources 1

About this happening: A **callback phishing campaign** is abusing **Microsoft Azure Monitor** alerts to send fake billing warnings through legitimate Microsoft mail flow, making the messages more belie...

Timeline

  1. 11.02.2026 19:45 2 articles · 4mo ago

    Koi Security discloses AgreeTo Outlook add-in credential theft

    Initial Disclosure

    Koi Security identified a malicious AgreeTo Outlook add-in campaign after an attacker took control of the abandoned outlook-one.vercel[.]app URL, served a fake Microsoft sign-in page, exfiltrated entered credentials through the Telegram Bot API, and redirected victims to the real login page; the activity was said to have stolen over 4,000 credentials, and the add-in had last been updated in December 2022.

    Show sources