Cybersecurity researchers found the first known harmful Microsoft Outlook add-in used in a real attack. The add-in, called AgreeTo, was once a normal calendar tool but was abandoned after 2022. An attacker took control of its expired web address and replaced it with a fake Microsoft login page. When users entered their passwords, the attacker stole them. Over 4,000 accounts were affected.

This happened because Outlook add-ins load content from a web link that can change over time....

Microsoft is warning that cybercriminals are increasingly targeting Apple macOS users with data-stealing malicious software, expanding beyond their traditional focus on Windows systems.

The company says attackers are using deceptive online ads, fake websites, and phishing messages to trick people into installing malicious software. These scams often appear when users search for popular tools, including AI-related apps or utility software, and are sometimes delivered through platforms...

Security researchers found a fake add-on for Visual Studio Code that claimed to be a free AI helper for Moltbot, a popular tool. The add-on appeared in the official VS Code store but secretly installed harmful software that let attackers take control of users’ computers. Moltbot does not have an official VS Code add-on, and attackers used its popularity to trick people. Microsoft has now removed the fake add-on.

After installation, the add-on ran automatically whenever VS Code was...

Cybersecurity researchers are warning about a new scam on LinkedIn where hackers use private messages to trick people into downloading harmful files.

According to security firm ReliaQuest, attackers contact professionals through LinkedIn, build trust, and convince them to download what appears to be a harmless file. In reality, the download secretly installs malicious software on the victim’s computer.

Once opened, the file allows attackers to quietly gain ongoing access to the...

Researchers have discovered a new attack called Reprompt that can steal sensitive data from AI chatbots like Microsoft Copilot. The attack works with just one click on a real Microsoft link and does not need any plugins or extra user actions. It tricks the chatbot into following hidden instructions from the attacker’s server, even after the chat is closed, so data can be taken without the user knowing. Microsoft has fixed this issue, and enterprise users...

Security experts have found two popular Chrome browser extensions that secretly read and send users’ ChatGPT and DeepSeek conversations to outside servers without their knowledge. Together, the extensions have been downloaded by more than 900,000 people.

The affected extensions are:

• Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI
• AI Sidebar with Deepseek, ChatGPT, Claude, and more

The...

Microsoft has rolled out its final set of security updates for 2025, fixing 56 vulnerabilities in Windows, including one that has already been exploited by hackers.

Of these issues, three are critical and the rest are considered important. The problems affect a wide range of Windows features and could allow attackers to take control of computers or access sensitive information if left unpatched.

One of the most serious flaws affects the...

Microsoft quietly fixed a security bug in Windows shortcut (.LNK) files in its November 2025 updates. This bug, called CVE-2025-9491, let attackers hide harmful commands inside shortcut files. When a user looked at the file’s properties, Windows only showed the first 260 characters, hiding the rest. This made the shortcut look safe even when it was not.

Hackers from several countries, including China, Iran, North Korea, and Russia, had used this flaw since 2017 to...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are increasingly targeting people who use popular mobile messaging apps, such as Signal, WhatsApp, and Telegram.

According to CISA, cybercriminals are using sneaky tricks and fake apps to gain access to users’ accounts and steal sensitive information. The attacks are aimed at high-profile individuals, including government officials, military personnel, and leaders of civil society organizations,...

Attackers using a Phishing-as-a-Service kit called Sneaky 2FA have added Browser-in-the-Browser (BitB) attacks to their tools. This method creates fake pop-up login windows that look real, helping criminals steal Microsoft account credentials. BitB works by copying the look of a normal login pop-up and showing what appears to be a legitimate URL, even though the page is fake.

In one example, victims visited a suspicious site, passed a bot check, and...