Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware  Ravie Lakshmanan  Feb 16, 2026 This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold. Below is the full weekly recap — a condensed scan of the incidents, flaws, and campaigns shaping the threat landscape right now. ⚡ Threat of the Week Malicious Outlook Add-in Turns Into Phishing Kit — In an unusual case of a supply chain attack, the legitimate AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. This was made possible by seizing control of a domain associated with the now-abandoned project to serve a fake Microsoft login page. The incident demonstrates how overlooked and abandoned assets turn into attack vectors. "What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they're distributed through Microsoft's own store, which carries implicit trust," Koi Security's Idan Dardikman said. Microsoft has since removed the add-in from its store. Can You Quantify Risk to Your Board? Bridge the gap between technical expertise and board-level strategy. This free course teaches you to communicate risk and secure the budget you need. Get Certified Free ➝ 🔔 Top News Google Releases Fixes for Actively Exploited Chrome 0-Day — Google shipped security updates for its Chrome browser to address a flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS that could result in arbitrary code execution. Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that "an exploit for CVE-2026-2441 exists in the wild." CVE-2026-2441 is the first actively exploited Chrome flaw patched by Google this year. BeyondTrust Flaw Comes Under Active Exploitation — A newly disclosed critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has come under active exploitation in the wild less than 24 hours after the publication of a proof-of-concept (PoC) exploit. The vulnerability in question is CVE-2026-1731 (CVS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests. According to BeyondTrust, successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption. Data from GreyNoise revealed that a single IP accounted for 86% of all observed reconnaissance sessions so far. Apple Ships Patches for Actively Exploited 0-Day — Apple released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks against specific individuals on versions of iOS before iOS 26. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug. The issue has been addressed in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3. SSHStalker Uses IRC for C2 — A newly documented Linux botnet named SSHStalker is using the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) operations. The SSHStalker botnet relies on classic IRC mechanics, prioritizing resilience, scale, and low-cost C2 over stealth and technical novelty. The toolkit achieves initial access through automated SSH scanning and brute forcing, using a Go binary that masquerades as the popular open-source network discovery utility nmap. Compromised hosts are then used to scan for additional SSH targets, allowing it to spread in a worm-like manner. Also dropped to infected hosts are payloads to escalate privileges using a catalog of 15-year-old CVEs, perform AWS key harvesting, and cryptocurrency mining. "What we actually found was a loud, stitched-together botnet kit that mixes old-school IRC control, compiling binaries on hosts, mass SSH compromise, and cron-based persistence," Flare said, describing it as a "scale-first operation that favors reliability over stealth." TeamPCP Turns Cloud Infrastructure into Cybercrime Bots — A threat cluster known as TeamPCP is systematically targeting misconfigured and exposed cloud native environments to hijack infrastructure, expand its scale, and monetize its operations through cryptocurrency mining, proxyware, data theft, and extortion. TeamPCP's modus operandi involves scanning broad IP ranges for exposed Docker APIs, Kubernetes clusters, Redis servers, Ray dashboards, and systems susceptible to the React2Shell vulnerability in React Server Components. Once it gains access to a system, the threat actor deploys malicious Python and Shell scripts that pull down additional payloads to install proxies, tunneling software, and other components that enable persistence even after server reboots. The varied end goals of the operation ensure that TeamPCP has several revenue streams as "every compromised system becomes a scanner, a proxy, a miner, a data exfiltration node, and a launchpad for further attacks," Flare said. "Kubernetes clusters are not merely breached; they are converted into distributed botnets." State-Sponsored Hackers Use AI at All Stages of Attack Cycle — Google said it found evidence of nation-state hacking groups using its artificial intelligence (AI) chatbot Gemini at nearly every stage of the cyber attack cycle. The findings once again underscore how such tools are being increasingly integrated into malicious operations, even if they don't equip bad actors with novel capabilities. One major area of concern with AI abuse is automating the development of vulnerability exploitation, allowing attackers to move faster than the defenders, necessitating that companies respond quickly and fix security weaknesses. Gemini is being weaponized in other ways too, Google said, with some bad actors embedding its APIs directly into malicious code. This includes a new malware family called HONESTCUE that sends prompts to generate working code that the malware compiles and executes in memory. The prompts appear benign in isolation and "devoid of any context related to malware," allowing them to bypass Gemini's safety filters. Nation-State Hackers Go After Defense Industrial Base — Digital threats targeting the defense industrial base (DIB) sector are expanding beyond traditional espionage into supply chain attacks, workforce infiltration, and cyber operations that lend nations a strategic advantage on the battlefield. The development comes as the cyber domain becomes increasingly intertwined with national defense. Google Threat Intelligence Group said the DIB sector faces a "relentless barrage" of cyber operations conducted by state-sponsored actors and criminal groups. These activities are primarily driven by Chinese, Iranian, North Korean, and Russian threat actors. This is also complemented by pre-positioning efforts to gain covert access through zero-day vulnerabilities in edge network devices to maintain persistent access for future strategic advantage. "In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation," the tech giant said. ‎️‍🔥 Trending CVEs New vulnerabilities surface daily, and attackers move fast. Reviewing and patching early keeps your systems resilient. Here are this week’s most critical flaws to check first — CVE-2026-2441 (Google Chrome), CVE-2026-20700 (Apple iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS), CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533 (Microsoft Windows), CVE-2026-1731 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2026-1774 (CASL Ability), CVE-2026-25639 (Axios), CVE-2026-25646 (libpng), CVE-2026-1357 (WPvivid Backup & Migration plugin), CVE-2026-0969 (next-mdx-remote), CVE-2026-25881 (SandboxJS), CVE-2025-66630 (Fiber v2), and a path traversal vulnerability in PyMuPDF (no CVE). 🎥 Cybersecurity Webinars Quantum-Ready Security: Preparing for Post-Quantum Cryptography Risks — Quantum computing is advancing fast and it could soon break today’s encryption. Attackers are already collecting encrypted data to decrypt later using quantum power. In this webinar, learn how post-quantum cryptography (PQC) protects sensitive data, ensures compliance, and prepares your organization for future threats. Discover practical strategies, hybrid encryption models, and real solutions from Zscaler to secure your business for the quantum era. AI Agents Are Expanding Your Attack Surface — Learn How to Secure Them — AI agents are no longer just chatbots; they browse the web, run code, and access company systems. This creates new security risks beyond prompts. In this session, Rahul Parwani explains how attackers target AI agents and what teams can do to protect them in real-world use. Faster Cloud Breach Analysis With Context-Aware F