Malicious Outlook add-in “AgreeToSteal” hijacked a deleted subdomain.Result:• 4,000+ accounts compromised• Fake Microsoft login inside Outlook• Credit cards + banking data stolenManifest validated once. External URL later hijacked.Architectural gap exposed.https://www.technadu.com/malicious-outlook-add-in-agreetosteal-compromises-4000-accounts-via-subdomain-takeover/619959/#InfoSec #Microsoft365 #Phishing #SaaSSecurity
