Security Alerts

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

Attackers are exploiting an old Microsoft Office vulnerability, CVE-2017-11882, in phishing campaigns that distribute the Agent Tesla malware. The phishing emails carry decoy Excel documents attached to invoice-themed messages, tricking recipients into opening them and triggering the exploit. Once the Excel file contacts a malicious destination, it downloads additional files without requiring further user interaction. The delivery chain starts with an obfuscated Visual Basic Script, which downloads a malicious JPG file containing a Base64-encoded DLL. This DLL is injected into RegAsm.exe, which launches the final payload: Agent Tesla, a .NET-based keylogger and remote access trojan. The malware then communicates with a remote server to exfiltrate sensitive information. This exploitation of old security flaws highlights the importance of organizations staying updated on evolving cyber threats to secure their digital landscape.
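A defender-side check for the JPG stage described above, as an added example that is not part of the original alert: it scans a file for a Base64 run whose decoded bytes begin with a valid PE header. It assumes the DLL is embedded as plain, contiguous Base64 text (the alert does not say how it is embedded); the function names, thresholds and sample data are constructed for illustration.

```python
import base64
import re
import struct

# "MZ" followed by any byte always encodes to TVo/TVp/TVq/TVr in Base64.
# The lookahead lets candidates overlap, so a stray "TVq" earlier in a run
# cannot hide a real header that starts later in the same run.
CANDIDATE = re.compile(rb"(?=(TV[opqr][A-Za-z0-9+/]{253,}))")
HEADER_CHARS = 1024  # Base64 chars decoded per candidate (assumed to cover the PE header)


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_pe(data: bytes) -> list[tuple[int, int]]:
    """Return (file offset, Base64 length) for each run that decodes to a PE header."""
    hits = []
    for m in CANDIDATE.finditer(data):
        run = m.group(1)
        head = run[:HEADER_CHARS]
        head = head[: len(head) - len(head) % 4]  # decode whole 4-char groups only
        if looks_like_pe(base64.b64decode(head)):
            hits.append((m.start(1), len(run)))
    return hits


def constructed_sample() -> bytes:
    """Constructed input: JPEG start/end markers followed by a Base64 PE stub (inert)."""
    stub = bytearray(0x100)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    image = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
    return image + base64.b64encode(bytes(stub))
```

Run `find_embedded_pe` over image files pulled from proxy or mail-gateway captures; a hit is a triage lead, since obfuscated or split encodings will not match.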

Link

https://thehackernews.com/2023/12/hackers-exploiting-old-ms-excel.html