2026年2月11日,微软应用商店(Microsoft Store)上架的Outlook插件AgreeTo被攻击者劫持,沦为钓鱼工具,导致超4000个用户账户凭证泄露。该插件由独立开发者于2022年12月发布,后因项目废弃,其托管在Vercel的URL被接管,植入恶意登录页及Telegram数据回传脚本。用户触发插件后将看到高仿微软登录界面,输入凭证即实时外泄,随后被重定向至真实页面以规避察觉。...
Source Link2026年2月11日,微软应用商店(Microsoft Store)上架的Outlook插件AgreeTo被攻击者劫持,沦为钓鱼工具,导致超4000个用户账户凭证泄露。该插件由独立开发者于2022年12月发布,后因项目废弃,其托管在Vercel的URL被接管,植入恶意登录页及Telegram数据回传脚本。用户触发插件后将看到高仿微软登录界面,输入凭证即实时外泄,随后被重定向至真实页面以规避察觉。...
Source LinkDisclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.