Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.
Outlook
TLS Certificate Mis-Issuance Exposes 1.1.1.1 DNS Service to Exploitation
Security researchers revealed that three unauthorized TLS certificates were issued in May 2025 for 1.1.1.1, the widely used public DNS service run by Cloudflare and APNIC. These certificates, improperly issued by the Fina RDC 2020 certificate authority…
New ‘NotDoor’ Malware Targets Outlook Users for Data Theft and System Compromise
Russian state-sponsored hackers have developed a sophisticated new backdoor malware called “NotDoor” that specifically targets Microsoft Outlook users, enabling attackers to steal sensitive data and gain complete control over compromised sy…
Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains
Check Point Research has uncovered a renewed global spear-phishing campaign orchestrated by the Iranian threat actor Educated Manticore, also known as APT42, Charming Kitten, and Mint Sandstorm. Linked to the IRGC Intelligence Organization, this group …
Cybercriminals Use TeamFiltration Pentesting Framework to Breach Microsoft Teams, OneDrive, Outlook, and More
Proofpoint threat researchers have exposed an active account takeover (ATO) campaign, dubbed UNK_SneakyStrike, exploiting the TeamFiltration pentesting framework to target Microsoft Entra ID user accounts. Since December 2024, this malicious operation …
Researchers unearth keyloggers on Outlook login pages
Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keylogge…
Outlook Vulnerability Allows Remote Execution of Arbitrary Code by Attackers
Microsoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code fro…
Hackers Exploit New HTML Trick to Deceive Outlook Users into Clicking Malicious Links
Cybersecurity researchers have encountered a cleverly crafted phishing email targeting Czech bank customers, employing a lesser-known but highly deceptive technique to bypass security mechanisms and trick users into clicking malicious links. At first g…
W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials
Cybersecurity researchers have recently uncovered a sophisticated phishing campaign leveraging the notorious W3LL Phishing Kit. Originally identified by Group-IB in 2022, W3LL differentiates itself in the criminal ecosystem as a phishing-as-a-service (…
Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft
The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to target specific email clients, notably Microsoft Outlook and Mozilla Thunderbird. This malware has been activ…