{"id":43123,"date":"2021-09-29T00:00:00","date_gmt":"2021-09-29T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html"},"modified":"2021-09-29T00:00:00","modified_gmt":"2021-09-29T00:00:00","slug":"formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/","title":{"rendered":"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/formbook-main.jpg\"><!-- Begin mPulse library --><!-- END mPulse library --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"endpoints,exploits &amp; vulnerabilities,research,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2021-09-29\"> <meta property=\"article:tag\" content=\"exploits &amp; vulnerabilities\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html\"> <title>FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html\"><br \/>\n<meta property=\"og:title\" content=\"FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/formbook-main.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/formbook-main.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.521995518339\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"970646167\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"11.263698630137\">\n<div class=\"article-details\" role=\"heading\" readability=\"42.116438356164\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Exploits &amp; Vulnerabilities<\/p>\n<p class=\"article-details__description\">Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444.<\/p>\n<p class=\"article-details__author-by\">By: Aliakbar Zahravi, Kamlapati Choubey, Peter Girnus, William Gamazo Sanchez <time class=\"article-details__date\">September 29, 2021<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"38.717689822294\">\n<div readability=\"26.122778675283\">\n<p>Trend Micro detected a new campaign using a recent version of the known FormBook malware, an infostealer that has been around since 2016. Several analyses have been written about FormBook in the last few years, including the expanded support for macOS. FormBook is famous for highly obfuscated payloads and the use of document CVE exploitation. Until recently, FormBook mostly exploited <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2017-0199\" target=\"_blank\" rel=\"noopener\">CVE- 2017-0199<\/a>, but newer FormBook variants used the recent <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html\">Office<\/a> 365 zero-day vulnerability, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-40444\" target=\"_blank\" rel=\"noopener\">CVE-2021-40444<\/a>.<b><\/b><\/p>\n<p><b><span class=\"body-subhead-title\">Exploit description<\/span><\/b><\/p>\n<p>FormBook authors did some rewrites on the original exploit, taking as their initial codebase <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html\">the one that we<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/09\/15\/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability\/\" target=\"_blank\" rel=\"noopener\">Microsoft observed<\/a> as deploying Cobalt Strike beacons. &nbsp;The exploited vulnerability is CVE-2021-40444. However, since the vulnerability itself has been <a href=\"https:\/\/xret2pwn.github.io\/CVE-2021-40444-Analysis-and-Exploit\/\" target=\"_blank\" rel=\"noopener\">analyzed already<\/a>, here we focus on describing some of the unique changes made by FormBook.<\/p>\n<p>FormBook utilizes a different \u201cTarget\u201d format inside \u201cdocument.xml.rels.\u201d Figure 1 shows the new format on the right side. This is possible because the options \u201cmhtml\u201d and \u201c!x-usc\u201d are not required to exploit the vulnerability. The new format is intended to bypass detections using the mentioned \u201cTarget\u201d options as indicators of exploitation.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig1-formbook.png\" alt=\"Target URL format\"><figcaption>Figure 1. The \u201cTarget\u201d URL format: The previous samples are on the left, while those used by FormBook are on the right.<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>Even when the URL is scrambled using directory traversal paths and empty options for Target (the consecutive \u201c!:\u201d are empty options), the vulnerability is exploited, and Word will send a request to the server as the network capture. This is shown by the selected packet in Figure 2.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig2-formbook.png\" alt=\"Network capture of a FormBook document sample\"><figcaption>Figure 2. Network capture of a FormBook document sample<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>One of the changes introduced to the exploit by FormBook was an obfuscation mechanism. Figure 3 shows an obfuscated section of the FormBook exploit.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig3-formbook.png\" alt=\"FormBook exploit obfuscation\"><figcaption>Figure 3. FormBook exploit obfuscation<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>As previously mentioned, FormBook creators did some rewrites on the original exploit, which was based on the code disclosed by us and Microsoft. FormBook added two calls to a function implementing an anti-debugging behavior commonly used to protect JavaScript code from being reverse-engineered. Figure 4 displays the mentioned function.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig4-formbook.png.jpg\" alt=\"FormBook exploit JavaScript anti debugging\"><figcaption>Figure 4. FormBook exploit JavaScript anti debugging<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.5\">\n<div readability=\"20\">\n<p>When the developer tools of a browser are open, the execution of the <i>f()<\/i> function will open a new virtual machine (VM) window that contains an anonymous function with a <i>debugger<\/i> statement. This will shift the focus from the source code window to the new VM window containing the anonymous function. Stepping through the JavaScript code will continuously execute the anonymous function. This prevents the debugging of the JavaScript code because stepping through the JavaScript code executes the <i>debugger<\/i> statement in a loop.<\/p>\n<p><b><span class=\"body-subhead-title\">Attack chain description<\/span><\/b><\/p>\n<p>Based on our analysis, the campaign used an email with a malicious Word document attachment as the entry vector. In this attack, two layers of PowerShell scripts were used to deliver the known FormBook malware. This version of FormBook is the same as previous versions; however, some specific changes were introduced in the attack chain. The final FormBook malware delivered in this campaign matched the ones that were used in earlier campaigns and analyzed by other researchers. That sample also corresponds to FormBook version 4.1, which we found after decrypting the command-and-control (C&amp;C) channel information. This can be seen in Figure 5.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig5-formbook.png\" alt=\"FormBook decrypted beacon\"><figcaption>Figure 5. FormBook decrypted beacon<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>For this specific campaign, the attack chain is depicted in Figure 6.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig6-formbook.png\" alt=\"Simplified attack chain diagram\"><figcaption>Figure 6. Simplified attack chain diagram<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p>Figure 6 shows how FormBook implemented two PowerShell script stages. The first stage downloads the second one, which is stored as an attachment hosted on Discord. We have recently noticed an increase in the malicious use of files uploaded to this service, with the intent of bypassing network protection.<\/p>\n<p>Figure 7 shows an example of the PowerShell script in the first stage:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig7-formbook.png\" alt=\"PowerShell stage one\"><figcaption>Figure 7. PowerShell stage one<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p>The example in Figure 6 downloads the next stage from Discord (with the URL itself being obfuscated). The URL is in the following format:<\/p>\n<p><span class=\"blockquote\">hxxps:\/\/cdn[.]discordapp[.]com\/attachments\/889336010087989260\/889336402121199686\/avatar.jpg<\/span><\/p>\n<p>The attachment from Discord is the second PowerShell layer formatted in Base64. This layer contains all required samples to run the FormBook malware.<\/p>\n<p>Figure 8 shows an example of the second PowerShell layer.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/formbook-adds-latest-office-zero-day-vulnerability-cve-2021-40444-to-their-arsenal\/fig8-formbook.png\" alt=\"PowerShell second stage.\"><figcaption>Figure 8. PowerShell second stage.<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"47.474112426036\">\n<div readability=\"42.199211045365\">\n<p>As Figure 8 shows, the value of the variable \u201c$decompressedByteArray\u201d has the \u201c.NET\u201d injector, and the value of the variable \u201c$INICAYLA\u201d has the FormBook malware itself. In this campaign, the method of injecting the malware into the Calculator process is different from previous analyses, but this is because the result of the obfuscation was applied over the \u201c.NET\u201d injector.<\/p>\n<p>The samples of the FormBook malware we obtained are identical to previous incidents, so we do not discuss them here.<\/p>\n<p><b><span class=\"body-subhead-title\">Conclusions<\/span><\/b><\/p>\n<p>Over the last couple of years, we have seen an increase in the use of public services to host malware. Nowadays, there are infinite ways to establish a malware infrastructure simply by using public services. There are multiple benefits for the attackers when using public services:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Extra service rentals and maintenance are not required.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">The URLs look like normal URLs to any scanning device or software.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">In some cases, it is possible to generate practically \u201crandom\u201d URLs.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">There is encrypted traffic (HTTPS) by default.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Automatic resources (such as samples and files) access protection.<\/span><\/li>\n<\/ul>\n<p>At the same time, we have seen an increase in the quality of tools for the automatic generation of obfuscated samples implemented in different and available malware as a service (MaaS).<\/p>\n<p>The combination of those two factors makes the attacker very resilient to detection in the initial delivery days of reusing previously discovered zero-day vulnerabilities, as in this case. This incident also highlights the importance of patching zero-day vulnerabilities urgently. Notably, Microsoft already released a fix for this vulnerability as part of the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/september-patch-tuesday--66-bulletins--only-3-critical.html\">September 2021 Patch Tuesday cycle<\/a>.<\/p>\n<p>For increased protection, <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Micro Vision One\u2122<\/a>&nbsp;spots suspicious behaviors&nbsp;that might seem insignificant when observed from only a single layer.&nbsp;Meanwhile, <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps.html\">Trend Micro&nbsp;Apex One\u2122<\/a>&nbsp;protects endpoint devices through automated threat detection and response against ransomware, fileless threats, and other advanced concerns.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<p><span class=\"body-subhead-title\">Indicators of Compromise<\/span><\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"12\">\n<tr readability=\"2\">\n<td><b>Filename\/Description<\/b><\/td>\n<td><b>Hash<\/b><\/td>\n<td><b>Trend Micro Detection Name<\/b><\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>Exploit Html<\/td>\n<td>bb1e9ce455898d6b4d31b2219ff4a5ca9908f7ea0d8046acf846bf839bce1e56<\/td>\n<td>Trojan.HTML.CVE202140444.B<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>payload.cab<\/td>\n<td>a20abef4eecea05b3f3ab64e9f448159e683cf82f1e87a37372c1cacb976052c<\/td>\n<td>Trojan.Win32.CVE202140444.B<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>avatar.ps1<\/td>\n<td>6f11be4822381543eb9dd99a9354575c96a50a5720ee38ee1c1b2ad323a03f04<\/td>\n<td>Trojan.PS1.POWLOAD.TIAOELH<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>payload_TNICAYLA.exe_<\/td>\n<td>f7c5f885f712adb553ee0de0d935869cc9c5627c01b15a614d748acb72b11c74<\/td>\n<td>Trojan.Win32.FORMBOOK.PUSXYV<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td>injector_ncrypt_decompressedByteArray.exe_<\/td>\n<td>eab5dc8f37459f2f329afa63b1f8e8569ad229dc88497ab86e7c6a91be4d9264<\/td>\n<td>Trojan.Win32.CRYPTINJECT.DV<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div>\n<p><b>Exploit chain IOCs:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">hxxp:\/\/0x6B[.]0254.0113.0244:8090\/payload.cab<\/span><\/li>\n<li><span class=\"rte-red-bullet\">hxxp:\/\/107[.]172.75.164:8090\/microsoftonline.html<\/span><\/li>\n<li><span class=\"rte-red-bullet\">hxxps:\/\/cdn[.]discordapp.com\/attachments\/889336010087989260\/889336402121199686\/avatar.jpg<\/span><\/li>\n<\/ul>\n<p><b>URLs<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">hxxp:\/\/www.code-nana.com\/pjje\/?t8LP2P=Mf6ydddwV\/QU6mZ4nnZxMBdzDcAr2xsvfTgD82WAzYYrxOcjLRrG5mXLygKxYmvGqlzJAQ==&amp;kPq8=K4Nh-6<\/span><\/li>\n<li><span class=\"rte-red-bullet\">hxxp:\/\/www.rajuherbalandspicegarden.com\/pjje\/?t8LP2P=DltNRLklEPawWuNnsQXifEZmZKsLvkDXv3cKYhiC\/0Bh3Q72JrrE\/8woD25qq\/vxSOxjNQ==&amp;kPq8=K4Nh-6<\/span><\/li>\n<li><span class=\"rte-red-bullet\">hxxp:\/\/www.swaplenders.com\/pjje\/?t8LP2P=TQtLDRoafbQM4\/pEtdovke1\/MPx0w24gCyByZx68z3lV5KTK6L4nUj2UtH2v2BgU+KkBhg==&amp;kPq8=K4Nh-6<\/span><\/li>\n<li><span class=\"rte-red-bullet\">hxxp:\/\/www.thechiropractor.vegas\/pjje\/?t8LP2P=rpNmzTsgN3WrlTJLsfA2BlL5A0hwTnOMjBBWuUAz4iRkWF3ty9m96ejMesY0+5JvVxns9g==&amp;kPq8=K4Nh-6<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/i\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":43124,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9555,9509],"class_list":["post-43123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-29T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1427\" \/>\n\t<meta property=\"og:image:height\" content=\"1036\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher\",\"datePublished\":\"2021-09-29T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/\"},\"wordCount\":1305,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/\",\"name\":\"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png\",\"datePublished\":\"2021-09-29T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png\",\"width\":1427,\"height\":1036},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/","og_locale":"en_US","og_type":"article","og_title":"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-09-29T00:00:00+00:00","og_image":[{"width":1427,"height":1036,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher","datePublished":"2021-09-29T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/"},"wordCount":1305,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/","url":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/","name":"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png","datePublished":"2021-09-29T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher.png","width":1427,"height":1036},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-40444-to-its-arsenal-threat-researcher-sr-vulnerability-researcher-sr-threat-researcher-sr-threat-researcher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43123"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43123\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/43124"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}