Researchers now believe attackers may have had prior access to networks and that malware was more sophisticated than originally believed.
One of the bugs could allow a successful attack simply by a user viewing an email in Outlook’s Preview pane.
It’s just the latest reported vulnerability for the secure messaging application.
The malware’s sole purpose was to take down systems, not steal data, Cisco Talos researchers say.
Emails try to get recipients to share revealing photos of themselves so scammers can later extort them later.
The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme.
Cisco has issued patches for the vulnerability, which could be up to seven years old.
Lenovo issued a security bulletin Friday warning customers of two previously disclosed critical Broadcom vulnerabilities impact 25 models of its popular ThinkPad laptops.
Apple said the leak of its iBoot source code will have little to no impact on iOS device security.
The vulnerability also exposed login credentials for a massive national insurance claims database, Upguard says.