CVE-2026-21509

Overview

Microsoft
Microsoft Office 2019

26 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.91%

MITRE

KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

8 Posts

Last activity: 4 hours ago

Fediverse

The IT Nerd @The_IT_Nerd

Why CVSS Scores Don’t Always Reflect an Exploit’s Actual Severity

Today we're covering Operation Neusploit, the advanced cyberespionage campaign identified by Zscaler ThreatLabz attributed with confidence to the Russia-linked APT28 (A.K.A. Fancy Bear) threat group, we're sharing this perspective on its 7.8 score. Neusploit weaponizes CVE-2026-21509, a Microsoft Office zero-day security bypass vulnerablity, to target government and executive organizations in Ukraine,…

https://itnerd.blog/2026/02/04/why-cvss-scores-dont-always-reflect-an-exploits-actual-severity/

0
0
0
4h ago

Bluesky

Packet Storm News @packetstorm.bsky.social

APT28 Leverages CVE-2026-21509 in Operation Neusploit https://packetstorm.news/news/view/40302 #news

0
0
0
22h ago

Michael Wyres @mwyr.es

APT28 Uses Microsoft Office CVE-2026-21509 In Espionage-Focused Malware Attacks - https://mwyr.es/rm5e6zLI #thn #infosec

0
0
0
20h ago

キタきつね @kitafox.bsky.social

ロシアのハッカーが最近修正されたMicrosoft Officeの脆弱性（CVE-2026-21509）を悪用している Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) #HelpNetSecurity (Feb 3) www.helpnetsecurity.com/2026/02/03/r...

0
0
0
19h ago

キタきつね @kitafox.bsky.social

APT28、スパイ活動に特化したマルウェア攻撃でMicrosoft OfficeのCVE-2026-21509を利用 APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks #HackerNews (Feb 3) thehackernews.com/2026/02/apt2...

0
0
0
10h ago

Virus Bulletin @virusbtn.bsky.social

Robin Dost details how APT28 uses CVE-2026-21509 in practice, relying on crafted RTF files that trigger OLE parsing without macros. The blog post walks through efficient IOC extraction from weaponised documents. blog.synapticsystems.de/apt28-geofen...

0
0
0
9h ago

Undercode Testing @undercode.bsky.social

Russian Hackers Weaponize Microsoft Office Zero-Day: A Deep Dive into CVE-2026-21509 and How to Fortify Your Defenses + Video Introduction: CVE-2026-21509 is a critical, actively exploited zero-day vulnerability in Microsoft Office that allows remote code execution via malicious DOC files.…

0
0
0
9h ago

Il Software @mm-ilsoftware-bot.bsky.social

Patch non ancora installate, exploit già in uso: il caso Office, CVE-2026-21509 e APT28 APT28 ha sfruttato lo zero-day CVE-2026-21509 in... https://www.ilsoftware.it/patch-non-ancora-installate-exploit-gia-in-uso-il-caso-office-cve-2026-21509-e-apt28/

0
0
0
4h ago

CVE-2025-40551

Overview

SolarWinds
Web Help Desk

28 Jan 2026

Published

04 Feb 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

22.94%

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

7 Posts
3 Interactions

Last activity: 6 hours ago

Fediverse

TechNadu @technadu

CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

Source: https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

Community insight welcome.
Follow TechNadu for ongoing vulnerability and threat intelligence updates.

#Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

0
0
0
6h ago

Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 4 vulnerabilities to the KEV Catalog

https://darkwebinformer.com/cisa-kev-catalog/

CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability

CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability

CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability

1
2
0
23h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

A critical untrusted-data deserialization vulnerability in SolarWinds Web Help Desk (CVE-2025-40551) enables unauthenticated remote code execution and is actively exploited.

0
0
0
12h ago

ohhara @shiojiri.com

米CISA、SolarWinds製品における脆弱性の悪用を警告（CVE-2025-40551） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43766/

0
0
0
12h ago

Information Security Briefly @infosecbriefly.bsky.social

Threat actors are actively exploiting an unauthenticated deserialization RCE in SolarWinds Web Help Desk (CVE-2025-40551); immediate patching is required.

0
0
0
9h ago

Information Security Briefly @infosecbriefly.bsky.social

A critical remote-code-execution vulnerability CVE-2025-40551 in SolarWinds Web Help Desk is actively exploited; federal agencies must install the patch within three days.

0
0
0
8h ago

piggo @pigondrugs.bsky.social

~Cisa~ CISA added four actively exploited vulnerabilities affecting Sangoma, GitLab, and SolarWinds to its KEV catalog. - IOCs: CVE-2025-40551, CVE-2021-39935, CVE-2025-64328 - #CISA #KEV #ThreatIntel #Vulnerability

0
0
0
23h ago

CVE-2026-24061

Overview

GNU
Inetutils

21 Jan 2026

Published

29 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

29.55%

MITRE

KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

3 Posts
4 Interactions

Last activity: 1 hour ago

Fediverse

pentest-tools.com @pentesttools

🚨 Active exploitation confirmed: CVE-2026-24061.

This isn't just theoretical, it's a massive exposure. With nearly 800,000 Telnet instances exposed globally across legacy IoT and outdated servers, the risk of a root-level compromise is real and immediate.

We have updated Pentest-Tools.com to help you validate your exposure:

📡 Network Scanner - detects exposed Telnet services across your internal and external perimeters, identifying potentially vulnerable GNU Inetutils daemons.

🎯 Sniper Auto-Exploiter - safely executes a proof-of-concept to confirm if the authentication bypass is actually exploitable on your systems, providing the evidence needed to prioritize an immediate fix.

⚠️ Crucial detail: This critical vulnerability exists because telnetd fails to sanitize the USER environment variable. An attacker can simply supply -f root to bypass the login prompt entirely and gain instant, unauthenticated root shell access.

Attacks are happening in real-time. Validate your risk before it becomes a root-level compromise.

#offensivesecurity #ethicalhacking #infosec #cybersecurity

Check out more details about this critical vulnerability: https://pentest-tools.com/vulnerabilities-exploits/telnet-inetutils-authentication-bypass_28759

Detect with Network Scanner: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online

Validate with Sniper Auto-Exploiter: https://pentest-tools.com/exploit-helpers/sniper

2
2
0
3h ago

Corgi Dad @corgidad

Whatever your system is you need to patch in the fix for this CVE:

https://www.cve.org/CVERecord?id=CVE-2026-24061

The attack requires no credentials, no prior system access, and no user interaction.

Geez.

0
0
0
1h ago

Bluesky

Undercode Testing @undercode.bsky.social

The Telnet Time Bomb: How a Single Command (CVE-2026-24061) Grants Root Access and How to Defuse It + Video Introduction: A recently disclosed critical vulnerability, CVE-2026-24061, has exposed the profound dangers of legacy protocols in modern networks. This flaw in GNU telnetd, a service that…

0
0
0
7h ago

CVE-2025-8088

Overview

win.rar GmbH
WinRAR

08 Aug 2025

Published

21 Oct 2025

Updated

CVSS v4.0

HIGH (8.4)

EPSS

4.61%

MITRE

KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

4 Posts

Last activity: 2 hours ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

China-linked Amaranth-Dragon (APT41-associated) carried out stealthy, narrowly focused cyber espionage against Southeast Asian government and law enforcement, exploiting WinRAR CVE-2025-8088.

0
0
0
4h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia

0
0
1
3h ago

piggo @pigondrugs.bsky.social

~Checkpoint~ Amaranth-Dragon (APT-41 nexus) exploits WinRAR CVE-2025-8088 in espionage campaigns targeting government entities in Southeast Asia. - IOCs: 92. 223. 120. 10, 93. 123. 17. 151, dns. annasoft. gcdn. co - #APT41 #CVE20258088 #ThreatIntel

0
0
0
2h ago

CVE-2025-55182

Overview

Meta
react-server-dom-webpack

03 Dec 2025

Published

11 Dec 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

57.94%

MITRE

KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

3 Posts
11 Interactions

Last activity: 9 hours ago

Fediverse

GreyNoise @greynoise

Two IPs now generate 56% of all CVE-2025-55182 exploitation traffic.

One deploys cryptominers. The other opens reverse shells.

We dug into the infrastructure. What we found goes back to 2020.

https://www.greynoise.io/blog/react2shell-exploitation-consolidates

8
3
1
22h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

A critical React.js vulnerability (CVE-2025-55182) enables unauthenticated RCE and has triggered mass exploitation and cryptominer deployments.

0
0
0
9h ago

CVE-2025-62203

Overview

Microsoft
Office Online Server

11 Nov 2025

Published

02 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.08%

MITRE

KEV

Description

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Statistics

2 Posts
2 Interactions

Last activity: 22 hours ago

Fediverse

buherator @buherator

[RSS] Micropatches released for Microsoft Excel Remote Code Execution Vulnerability (CVE-2025-62203)

https://blog.0patch.com/2026/02/micropatches-released-for-microsoft.html

0
1
0
22h ago

Bluesky

buherator @buherator.bsky.social

[RSS] Micropatches released for Microsoft Excel Remote Code Execution Vulnerability (CVE-2025-62203) blog.0patch.com -> Original->

1
0
0
22h ago

CVE-2025-11953

Overview

@react-native-community/cli-server-api

03 Nov 2025

Published

04 Dec 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.40%

MITRE

KEV

Description

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.

Statistics

3 Posts
1 Interaction

Last activity: 5 hours ago

Fediverse

Sam Stepanyan :verified: 🐘 @securestep9

#ReactNative: Critical vulnerability in Metro server for #React Native CVE-2025-11953 allows unauthenticated attackers to execute arbitrary OS commands via a POST request is actively exploited - patch now!
#Metro4Shell
#SoftwareSupplyChainSecurity
👇

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/

0
1
1
9h ago

Bluesky

Mert SARICA @hack4career.com

CVE-2025-11953 (Metro4Shell) in React Native Metro Server Enables RCE socradar.io/blog/cve-202...

0
0
0
5h ago

CVE-2026-1281

Overview

Ivanti
Endpoint Manager Mobile

29 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

16.41%

MITRE

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

1 Post
10 Interactions

Last activity: 2 hours ago

Fediverse

⠠⠵ avuko @avuko

Only quickly popping on here from an otherwise very nice Fediverse vacation, because NCSC-NL has just put out an “assume-breach” warning. That’s… kinda big.

https://www.ncsc.nl/waarschuwing/ncsc-roept-organisaties-op-zich-te-melden-bij-gebruik-van-ivanti-endpoint-manager (Dutch)

#Ivanti #CVE20261281 #EPMM #MobileIron #NCSC_NL #Cybersecurity #infosec #IOC #NCSC

6
4
0
2h ago

CVE-2026-25253

Overview

OpenClaw
OpenClaw

01 Feb 2026

Published

03 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.04%

MITRE

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

2 Posts

Last activity: 1 hour ago

Bluesky

IT-Connect @it-connect.bsky.social

⚠️ OpenClaw – CVE-2026-25253 : un lien malveillant suffit à exécuter du code à distance en 1-clic Tous les détails par ici 👇 - www.it-connect.fr/openclaw-cve... #OpenClaw #Moltbot #IA #infosec #cybersecurite

0
0
0
1h ago

OpsMatters @opsmatters.com

The latest update for #Foresiet includes "CVE-2026-25253: OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link" and "CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Zero-Day Analysis". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz

0
0
0
16h ago

CVE-2026-24858

Overview

Fortinet
FortiProxy

27 Jan 2026

Published

29 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.4)

EPSS

3.71%

MITRE

KEV

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Statistics

2 Posts

Last activity: 6 hours ago

Fediverse

Daniel Kuhl ✌🏻☮️☕️ @daniel1820815

Bitte schnell die betroffenen Systeme aktualisieren und sich einen neuen Hersteller des Vertrauens suchen... z.B. #CheckPoint 🫳 🎤

https://www.security-insider.de/fortinet-forticloud-sso-sicherheitsluecke-update-hinweis-a-d9d9dfe68f01b9e30623b3074dacc635/

#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858

0
0
0
6h ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #Foresiet includes "CVE-2026-25253: OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link" and "CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Zero-Day Analysis". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz

0
0
0
16h ago