CVE-2026-21509

Overview

Microsoft
Microsoft Office 2019

26 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.91%

MITRE

KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

6 Posts

Last activity: Last hour

Fediverse

The IT Nerd @The_IT_Nerd

Why CVSS Scores Don’t Always Reflect an Exploit’s Actual Severity

Today we're covering Operation Neusploit, the advanced cyberespionage campaign identified by Zscaler ThreatLabz attributed with confidence to the Russia-linked APT28 (A.K.A. Fancy Bear) threat group, we're sharing this perspective on its 7.8 score. Neusploit weaponizes CVE-2026-21509, a Microsoft Office zero-day security bypass vulnerablity, to target government and executive organizations in Ukraine,…

https://itnerd.blog/2026/02/04/why-cvss-scores-dont-always-reflect-an-exploits-actual-severity/

0
0
0
10h ago

Bluesky

キタきつね @kitafox.bsky.social

APT28、スパイ活動に特化したマルウェア攻撃でMicrosoft OfficeのCVE-2026-21509を利用 APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks #HackerNews (Feb 3) thehackernews.com/2026/02/apt2...

0
0
0
16h ago

Virus Bulletin @virusbtn.bsky.social

Robin Dost details how APT28 uses CVE-2026-21509 in practice, relying on crafted RTF files that trigger OLE parsing without macros. The blog post walks through efficient IOC extraction from weaponised documents. blog.synapticsystems.de/apt28-geofen...

0
0
0
15h ago

Undercode Testing @undercode.bsky.social

Russian Hackers Weaponize Microsoft Office Zero-Day: A Deep Dive into CVE-2026-21509 and How to Fortify Your Defenses + Video Introduction: CVE-2026-21509 is a critical, actively exploited zero-day vulnerability in Microsoft Office that allows remote code execution via malicious DOC files.…

0
0
0
14h ago

Il Software @mm-ilsoftware-bot.bsky.social

Patch non ancora installate, exploit già in uso: il caso Office, CVE-2026-21509 e APT28 APT28 ha sfruttato lo zero-day CVE-2026-21509 in... https://www.ilsoftware.it/patch-non-ancora-installate-exploit-gia-in-uso-il-caso-office-cve-2026-21509-e-apt28/

0
0
0
9h ago

Information Security Briefly @infosecbriefly.bsky.social

Russian-state hackers weaponized Microsoft Office vulnerability CVE-2026-21509 within 48 hours to deploy encrypted, fileless in-memory backdoors against diplomatic, maritime, and transport organizations.

0
0
0
Last hour

CVE-2026-25049

Overview

n8n-io
n8n

04 Feb 2026

Published

04 Feb 2026

Updated

CVSS v4.0

CRITICAL (9.4)

EPSS

Pending

MITRE

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.

Statistics

5 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

Dark Web Informer :verified_paw: @DarkWebInformer

‼️CVE-2026-25049: N8n AI Workflow Remote Code Execution

"This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly, it can lead to full server compromise depending on deployment configuration."

Video Credit: youtube.com/@SecureLayer7

1
2
0
3h ago

ekiledjian @edwardk

Critical n8n flaws (CVE-2026-25049) have been disclosed, allowing authenticated users to achieve remote code execution and gain complete control of the host server by bypassing sanitization mechanisms. Users are advised to update to the latest version (1.123.17 and 2.5.2) and rotate credentials to mitigate these vulnerabilities.
https://www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/

0
0
0
2h ago

Bluesky

/r/netsec @r-netsec-bot.bsky.social

2026: New N8N RCE Deep Dive into CVE-2026-25049

0
0
1
2h ago

Information Security Briefly @infosecbriefly.bsky.social

Authenticated users who can create or edit n8n workflows can escape sandboxes to achieve remote code execution and full server takeover (CVE-2026-25049).

0
0
0
1h ago

CVE-2025-8088

Overview

win.rar GmbH
WinRAR

08 Aug 2025

Published

21 Oct 2025

Updated

CVSS v4.0

HIGH (8.4)

EPSS

4.61%

MITRE

KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

5 Posts

Last activity: 2 hours ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

China-linked Amaranth-Dragon (APT41-associated) carried out stealthy, narrowly focused cyber espionage against Southeast Asian government and law enforcement, exploiting WinRAR CVE-2025-8088.

0
0
0
9h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia

0
0
1
8h ago

piggo @pigondrugs.bsky.social

~Checkpoint~ Amaranth-Dragon (APT-41 nexus) exploits WinRAR CVE-2025-8088 in espionage campaigns targeting government entities in Southeast Asia. - IOCs: 92. 223. 120. 10, 93. 123. 17. 151, dns. annasoft. gcdn. co - #APT41 #CVE20258088 #ThreatIntel

0
0
0
7h ago

Undercode Testing @undercode.bsky.social

The Silent Startup Sabotage: How CVE-2025-8088 Turns WinRAR into a Hacker’s Backdoor + Video Introduction: A critical vulnerability in the ubiquitous WinRAR archiving software, designated CVE-2025-8088, is under active exploitation by sophisticated threat actors. This high-severity flaw allows…

0
0
0
2h ago

CVE-2026-24061

Overview

GNU
Inetutils

21 Jan 2026

Published

29 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

29.55%

MITRE

KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

3 Posts
5 Interactions

Last activity: 6 hours ago

Fediverse

pentest-tools.com @pentesttools

🚨 Active exploitation confirmed: CVE-2026-24061.

This isn't just theoretical, it's a massive exposure. With nearly 800,000 Telnet instances exposed globally across legacy IoT and outdated servers, the risk of a root-level compromise is real and immediate.

We have updated Pentest-Tools.com to help you validate your exposure:

📡 Network Scanner - detects exposed Telnet services across your internal and external perimeters, identifying potentially vulnerable GNU Inetutils daemons.

🎯 Sniper Auto-Exploiter - safely executes a proof-of-concept to confirm if the authentication bypass is actually exploitable on your systems, providing the evidence needed to prioritize an immediate fix.

⚠️ Crucial detail: This critical vulnerability exists because telnetd fails to sanitize the USER environment variable. An attacker can simply supply -f root to bypass the login prompt entirely and gain instant, unauthenticated root shell access.

Attacks are happening in real-time. Validate your risk before it becomes a root-level compromise.

#offensivesecurity #ethicalhacking #infosec #cybersecurity

Check out more details about this critical vulnerability: https://pentest-tools.com/vulnerabilities-exploits/telnet-inetutils-authentication-bypass_28759

Detect with Network Scanner: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online

Validate with Sniper Auto-Exploiter: https://pentest-tools.com/exploit-helpers/sniper

2
2
0
9h ago

Corgi Dad @corgidad

Whatever your system is you need to patch in the fix for this CVE:

https://www.cve.org/CVERecord?id=CVE-2026-24061

The attack requires no credentials, no prior system access, and no user interaction.

Geez.

0
1
0
6h ago

Bluesky

Undercode Testing @undercode.bsky.social

The Telnet Time Bomb: How a Single Command (CVE-2026-24061) Grants Root Access and How to Defuse It + Video Introduction: A recently disclosed critical vulnerability, CVE-2026-24061, has exposed the profound dangers of legacy protocols in modern networks. This flaw in GNU telnetd, a service that…

0
0
0
13h ago

CVE-2025-11953

Overview

@react-native-community/cli-server-api

03 Nov 2025

Published

04 Dec 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.40%

MITRE

KEV

Description

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.

Statistics

4 Posts
1 Interaction

Last activity: 2 hours ago

Fediverse

Sam Stepanyan :verified: 🐘 @securestep9

#ReactNative: Critical vulnerability in Metro server for #React Native CVE-2025-11953 allows unauthenticated attackers to execute arbitrary OS commands via a POST request is actively exploited - patch now!
#Metro4Shell
#SoftwareSupplyChainSecurity
👇

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/

0
1
1
14h ago

Bluesky

Mert SARICA @hack4career.com

CVE-2025-11953 (Metro4Shell) in React Native Metro Server Enables RCE socradar.io/blog/cve-202...

0
0
0
11h ago

CyberVeille @cyberveille-ch.bsky.social

📢 Exploitation active de CVE-2025-11953 (« Metro4Shell ») sur Metro (React Native) observée par VulnCheck 📝 Selon VulnCheck, des expl… https://cyberveille.ch/posts/2026-02-04-exploitation-active-de-cve-2025-11953-metro4shell-sur-metro-react-native-observee-par-vulncheck/ #CVE_2025_11953 #Cyberveille

0
0
0
2h ago

CVE-2025-55182

Overview

Meta
react-server-dom-webpack

03 Dec 2025

Published

11 Dec 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

57.94%

MITRE

KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

3 Posts

Last activity: 2 hours ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

A critical React.js vulnerability (CVE-2025-55182) enables unauthenticated RCE and has triggered mass exploitation and cryptominer deployments.

0
0
0
14h ago

Undercode Testing @undercode.bsky.social

From Zero to Hero: How I Uncovered a Critical RCE Vulnerability (CVE-2025-55182) and What It Means for Cybersecurity + Video Introduction: In the ever-evolving landscape of cybersecurity, remote code execution (RCE) vulnerabilities remain among the most severe threats, allowing attackers to take…

0
0
0
5h ago

キタきつね @kitafox.bsky.social

包囲攻撃を受けたReact：2つのIPアドレスが重大なCVE-2025-55182攻撃の56%を誘発 React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks #DailyCyberSecurity (Feb 4) securityonline.info/react-under-...

0
0
0
2h ago

CVE-2025-40551

Overview

SolarWinds
Web Help Desk

28 Jan 2026

Published

04 Feb 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

22.94%

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

6 Posts

Last activity: 12 hours ago

Fediverse

TechNadu @technadu

CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

Source: https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

Community insight welcome.
Follow TechNadu for ongoing vulnerability and threat intelligence updates.

#Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

0
0
0
12h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

A critical untrusted-data deserialization vulnerability in SolarWinds Web Help Desk (CVE-2025-40551) enables unauthenticated remote code execution and is actively exploited.

0
0
1
17h ago

ohhara @shiojiri.com

米CISA、SolarWinds製品における脆弱性の悪用を警告（CVE-2025-40551） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43766/

0
0
0
17h ago

Information Security Briefly @infosecbriefly.bsky.social

Threat actors are actively exploiting an unauthenticated deserialization RCE in SolarWinds Web Help Desk (CVE-2025-40551); immediate patching is required.

0
0
0
14h ago

Information Security Briefly @infosecbriefly.bsky.social

A critical remote-code-execution vulnerability CVE-2025-40551 in SolarWinds Web Help Desk is actively exploited; federal agencies must install the patch within three days.

0
0
0
14h ago

CVE-2026-24513

Overview

Kubernetes
ingress-nginx

03 Feb 2026

Published

04 Feb 2026

Updated

CVSS v3.1

LOW (3.1)

EPSS

0.03%

MITRE

KEV

Description

A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails. Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.

Statistics

5 Posts
2 Interactions

Last activity: 2 hours ago

Bluesky

K8sContributors @kubernetes.dev

CVE-2026-24513: ingress-nginx auth-url protection bypass -

0
2
2
11h ago

Checkmarx Zero @checkmarxzero.bsky.social

⚪ CVE-2026-24513 is a bypass of the protection afforded by the "auth-url" ingress when a misconfiguration is in place.

0
0
0
2h ago

Checkmarx Zero @checkmarxzero.bsky.social

⏳ With EOL in March, Ingress #NGINX has 4 newly disclosed vulnerabilities: #CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, and CVE-2026-24514. We recommend that you migrate to F5's NGINX Ingress: buff.ly/vqTJvPK If you can’t migrate yet, update to v1.14.3. More details on each CVE below.

0
0
0
2h ago

CVE-2026-1281

Overview

Ivanti
Endpoint Manager Mobile

29 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

16.41%

MITRE

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

1 Post
10 Interactions

Last activity: 8 hours ago

Fediverse

⠠⠵ avuko @avuko

Only quickly popping on here from an otherwise very nice Fediverse vacation, because NCSC-NL has just put out an “assume-breach” warning. That’s… kinda big.

https://www.ncsc.nl/waarschuwing/ncsc-roept-organisaties-op-zich-te-melden-bij-gebruik-van-ivanti-endpoint-manager (Dutch)

#Ivanti #CVE20261281 #EPMM #MobileIron #NCSC_NL #Cybersecurity #infosec #IOC #NCSC

6
4
0
8h ago

CVE-2026-24512

Overview

Kubernetes
ingress-nginx

03 Feb 2026

Published

04 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.10%

MITRE

KEV

Description

A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

3 Posts
2 Interactions

Last activity: 2 hours ago

Fediverse

GOMOOT :mastodon: @gomoot

💡 CVE-2026-24512: la vulnerabilità di ingress-NGINX che minaccia i cluster Kubernetes

https://gomoot.com/cve-2026-24512-la-vulnerabilita-di-ingress-nginx-che-minaccia-i-cluster-kubernetes/

#news #sicurezza #tech

2
0
0
7h ago

Bluesky

Checkmarx Zero @checkmarxzero.bsky.social

🔴 CVE-2026-1580 and CVE-2026-24512 allow for config #injection via the "nginx.ingress.kubernetes.io/auth-method" ingress annotation and the "rules.http.paths.path" ingress field, respectively. 🟡 CVE-2026-24514 is a #DoS in the ingress-nginx admission controller, triggered by sending large requests.

0
0
0
2h ago

Checkmarx Zero @checkmarxzero.bsky.social

⏳ With EOL in March, Ingress #NGINX has 4 newly disclosed vulnerabilities: #CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, and CVE-2026-24514. We recommend that you migrate to F5's NGINX Ingress: buff.ly/vqTJvPK If you can’t migrate yet, update to v1.14.3. More details on each CVE below.

0
0
0
2h ago