‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A hacker noticed the change in its status and hijacked the dead add-in and its 4.71-star rating to conduct a phishing campaign that the company which uncovered the attack, plug-in security company Koi ...

Popular Microsoft Outlook add-in hijacked to try and steal user accounts

A Microsoft Outlook add-in was abandoned and taken over by hackers, who used it to collect email accounts and banking data.
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.