Microsoft Outlook is a technology platform tracked across 23 threat clusters and 30 intelligence report mentions on ThreatCluster. First observed November 17, 2025; most recent activity July 13, 2026.
The MonikerLink vulnerability in Microsoft Outlook allows for remote code execution via malicious hyperlinks in emails. Discovered by Check Point Research, a proof-of-concept exploit has been released, potentially…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
The China-aligned APT group Webworm has shifted its focus from Asia to Europe, targeting government organizations in Belgium, Italy, Poland, Serbia, and Spain during 2025. ESET researchers identified new backdoors,…
On March 11, 2026, the Iranian-linked hacking group Handala executed a significant cyberattack on Stryker, a major U.S. medical technology company, causing a global disruption across its Microsoft environment. The…
Microsoft has patched a high-severity zero-day vulnerability in Exchange Server, tracked as CVE-2026-42897, which allows attackers to execute arbitrary JavaScript via crafted emails in Outlook Web Access. The flaw…
A new ransomware campaign linked to the Payouts King group employs a malicious Microsoft Edge extension called 'Edgecution' to exploit the Chrome native messaging protocol. This attack allows the malware to escape the…
On June 9, 2026, Microsoft released its largest Patch Tuesday update, addressing 206 vulnerabilities, including three zero-day flaws. Among the critical vulnerabilities, 32 were rated as critical, with 28 classified as…
Cybercriminals are increasingly using OAuth client ID spoofing to conduct account enumeration against Microsoft Entra, the identity management service. This method allows attackers to infer username and password…
The newly discovered PCPJack malware framework is actively targeting cloud environments to steal credentials while removing remnants of the TeamPCP cybercrime group. This worm exploits exposed services such as Docker,…
The Grandoreiro banking trojan, active since 2016, has intensified its phishing campaigns targeting over 1,700 banks and financial institutions across 60 countries, including recent operations in South Africa and…