- What: A malicious Outlook add-in named 'AgreeToSteal' was discovered stealing user credentials via a fake Microsoft login page.
- Impact: Over 4,000 user credentials were stolen by exploiting an abandoned add-in domain.
- Affected: Microsoft Outlook users.

Email security, Phishing, Supply chain

1st malicious Outlook add-in ‘AgreeToSteal’ discovered, over 4,000 credentials stolen

February 12, 2026
By SC Staff

The first known malicious Microsoft Outlook add-in has been discovered in the wild, marking a new frontier in supply chain attacks. An unknown attacker claimed the domain of a legitimate, abandoned add-in and used it to host a fake Microsoft login page, successfully stealing over 4,000 user credentials, Koi Security discovered. This activity, codenamed AgreeToSteal, highlights a weakness in how add-ins are distributed and monitored, according to a recent report by The Hacker News.

The attack targeted the AgreeTo add-in, which was designed to consolidate calendar information. The attacker exploited the fact that the original developer had abandoned the project, allowing them to claim the associated domain. This domain then served a phishing kit that mimicked a Microsoft sign-in page. Users who entered their credentials had them exfiltrated via the Telegram Bot API. Researchers noted that the add-in possessed "ReadWriteItem" permissions, which could have allowed for even more severe data theft, such as covertly siphoning email contents. This incident demonstrates a broadening of supply chain attack vectors, extending into trusted software distribution channels like Microsoft's own store.

The AgreeToSteal incident underscores the need for continuous monitoring of add-ins and other software components hosted on marketplaces. The current model, where add-ins are approved once but their dynamic content is not regularly re-evaluated, creates a significant security gap. Recommendations for Microsoft from Koi Security include re-reviewing add-ins when their content changes, verifying domain ownership, and flagging or delisting unmaintained add-ins.

This vulnerability is not unique to Microsoft's ecosystem and affects any platform relying on remote dynamic dependencies, highlighting a systemic issue in software supply chain security.

Source: The Hacker News
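
The gap described above (one-time approval, remotely hosted content, and the "ReadWriteItem" permission) can be audited from the defender's side. The following Python is an added example, not code from Koi Security, Microsoft or the report: it parses a constructed Outlook add-in manifest, lists the remote hosts and permission level, and flags URLs whose served content no longer matches a hash recorded at approval. The manifest, host name, and function names are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest (not the real AgreeTo manifest); host and Id are placeholders.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Sample Calendar Add-in"/>
  <FormSettings><Form xsi:type="ItemRead"><DesktopSettings>
    <SourceLocation DefaultValue="https://addin.example.com/taskpane.html"/>
  </DesktopSettings></Form></FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

# Mailbox permission levels that allow modifying items, not just reading them.
WRITE_PERMISSIONS = {"ReadWriteItem", "ReadWriteMailbox"}

def audit_manifest(xml_text):
    """Return the remote URLs an add-in references and its permission level."""
    root = ET.fromstring(xml_text)
    urls, permission = set(), None
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "Permissions" and el.text:
            permission = el.text.strip()
        # Attributes holding http(s) URLs point at content hosted by the developer.
        urls.update(v for v in el.attrib.values() if v.startswith(("http://", "https://")))
    return {"urls": sorted(urls),
            "hosts": sorted({urlparse(u).hostname for u in urls}),
            "permission": permission,
            "write_access": permission in WRITE_PERMISSIONS}

def needs_rereview(audit, approved_hashes, served):
    """List URLs whose served bytes no longer match the SHA-256 recorded at approval.

    approved_hashes: {url: hex digest} captured when the add-in was reviewed.
    served: {url: bytes} fetched now by the caller (not done here, so this runs offline).
    """
    changed = []
    for url in audit["urls"]:
        body = served.get(url)
        if body is None or hashlib.sha256(body).hexdigest() != approved_hashes.get(url):
            changed.append(url)
    return changed

if __name__ == "__main__":
    audit = audit_manifest(SAMPLE_MANIFEST)
    url = audit["urls"][0]
    baseline = {url: hashlib.sha256(b"<html>calendar task pane</html>").hexdigest()}  # constructed
    print(audit)
    print(needs_rereview(audit, baseline, {url: b"<html>sign in</html>"}))  # constructed
```

A URL that is missing from `served` is also reported, since content that can no longer be fetched from the reviewed location is itself a reason to re-examine the add-in.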