Overview

  • Microsoft
  • Microsoft Office 2019

26 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
2.91%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 9 Posts
  • 6 Interactions

Last activity: Last hour

Fediverse

Russian hackers, identified as APT28, are actively exploiting a recently patched Microsoft Office vulnerability (CVE-2026-21509) to deploy malware, including the COVENANT framework, via malicious documents. These attacks, targeting Ukrainian and other EU organizations, utilize a complex download chain involving COM hijacking and cloud storage for command-and-control.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.
  • 1
  • 4
  • 0
  • 9h ago
Ukraine’s Computer Emergency Response Team has warned of a new wave of targeted cyberattacks exploiting a critical MS Office vulnerability (CVE-2026-21509) disclosed on January 26, 2026 cert.gov.ua/article/6287...
  • 0
  • 0
  • 0
  • 14h ago
CERT-UA "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542)
  • 0
  • 0
  • 0
  • 10h ago
~Zscaler~ APT28 is actively exploiting CVE-2026-21509 via malicious RTF files to deploy backdoors against targets in Central and Eastern Europe. - IOCs: CVE-2026-21509 - #APT28 #CVE202621509 #ThreatIntel
  • 0
  • 0
  • 0
  • 9h ago
Microsoft Office Zero-Day Vulnerability, CVE-2026-21509, Under Active Exploitation cybersec.xmcyber.com/s/microsoft-...
  • 0
  • 0
  • 0
  • 7h ago
Russian hackers exploit recently patched Microsoft Office bug in attacks https://www.newsbeep.com/us/445936/ Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple…
  • 0
  • 0
  • 0
  • Last hour
Russia-linked actor APT28 uses Microsoft Office zero-day in attacks (CVE-2026-21509) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43749/
  • 0
  • 0
  • 0
  • Last hour

Overview

  • OpenClaw
  • OpenClaw

01 Feb 2026
Published
02 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 8 hours ago

Fediverse

  • 2
  • 1
  • 0
  • 8h ago

Here's a summary of the latest global, technology, and cybersecurity news from the last 24-48 hours:

**Global:** US-Iran talks on a nuclear deal are progressing, though Iran warned of regional war if attacked (Feb 1-2). A Russian drone strike killed 15 mineworkers in Dnipro, Ukraine (Feb 1).

**Tech/Cybersecurity:** ETSI launched a new, globally applicable cybersecurity standard for AI models (ETSI EN 304 223, Feb 2). A critical remote code execution (RCE) flaw in the OpenClaw AI assistant (CVE-2026-25253) was disclosed (Feb 2). AI-driven cyber threats are escalating, and Microsoft's extensive AI infrastructure spending is raising Wall Street concerns (Jan 30 - Feb 2).

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

💥 One click could completely compromise an OpenClaw / Moltbot / Clawdbot (CVE-2026-25253) The vulnerability is now fixed, but here's how it worked:
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
Pending

KEV

Description

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

Statistics

  • 3 Posts

Last activity: 10 hours ago

Fediverse

🟠 CVE-2025-47397 - High (7.8)

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 13h ago

Qualcomm released the security bulletin for February 2026: CVE-2025-47397 is the GPU IOMMU issue mentioned in 39c3’s Build a Fake Phone, Find Real Bugs session (at the 28 minute mark). The presenter said that they’ll “update the presentation’s repository with the technical details once the CVE is shared publicly”. Looking forward to reading that…

  • 0
  • 0
  • 0
  • 10h ago

Qualcomm’s CVE-2025-47397 patch doesn’t make sense on kernel 5.10: 5.10 isn’t vulnerable to the issue in the first place!

The bug was only introduced in kernel 5.15.

(Interestingly, some poor dev at MediaTek hit the exact same bug in 2022: searching for “iommu_map_sg cve” gives me this fix commit)

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.39%

KEV

Description

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

📢 OpenSSL: stack overflow CVE-2025-15467 exposing systems to code execution (RCE) 📝 According to JFrog Security Research (research.jfrog.com), a new v… https://cyberveille.ch/posts/2026-02-02-openssl-debordement-de-pile-cve-2025-15467-exposant-a-une-execution-de-code-rce/ #CMS_PKCS_7 #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago
AISLE's autonomous analysis discovered 12 previously undisclosed OpenSSL vulnerabilities and flagged six more, including CVE-2025-15467 and CVE-2025-15469, and OpenSSL maintainers praised high quality of the reports and constructive collaboration.
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Pending

22 Sep 2023
Published
25 Sep 2024
Updated

CVSS
Pending
EPSS
1.23%

KEV

Description

An issue was discovered in Wind River VxWorks 6.9 and 7. The function `tarExtract` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the `tarExtract` function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 9 hours ago

Fediverse

RE: mastodon.social/@bagder/116001

My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉

Btw. if anyone from #NASA could confirm curiosity was/is really affected (but probably without attack vector so no impact I guess), that would mean a lot to me

  • 3
  • 3
  • 0
  • 9h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
13.12%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 7 hours ago

Fediverse

Ivanti: Emergency update against zero-days

Once again the US vendor Ivanti stands out with dangerous (9.8 out of 10) security vulnerabilities that are already being attacked at the time of the updates. Did I say once again? Yes, some past reports: here, here, here or here. The two vulnerabilities CVE-2026-1281 and CVE-2026-1340 were closed with emergency updates. Supposedly the vendor cannot say which weakness exactly is being attacked, because too few known attacks are on record. Oh really, but they were able to patch the unknown weaknesses? Credibility: zero. This raises

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday

  • 3
  • 0
  • 0
  • 14h ago

Bluesky

Alert regarding vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281, CVE-2026-1340) #JPCERTCC (Jan 30) www.jpcert.or.jp/at/2026/at26...
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 7 hours ago

Fediverse

Ivanti: Emergency update against zero-days

Once again the US vendor Ivanti stands out with dangerous (9.8 out of 10) security vulnerabilities that are already being attacked at the time of the updates. Did I say once again? Yes, some past reports: here, here, here or here. The two vulnerabilities CVE-2026-1281 and CVE-2026-1340 were closed with emergency updates. Supposedly the vendor cannot say which weakness exactly is being attacked, because too few known attacks are on record. Oh really, but they were able to patch the unknown weaknesses? Credibility: zero. This raises

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday

  • 3
  • 0
  • 0
  • 14h ago

Bluesky

Alert regarding vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281, CVE-2026-1340) #JPCERTCC (Jan 30) www.jpcert.or.jp/at/2026/at26...
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Native Instruments
  • Native Access

02 Feb 2026
Published
02 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: "anchor trusted and certificate leaf[subject.CN] = \"Developer ID Application: Native Instruments GmbH (83K5EG6Z9V)\"" The Native Access application was found to be signed with the `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` entitlements leading to DYLIB injection and therefore command execution in the context of this application. A low privileged user can exploit the DYLIB injection to trigger functions of the privileged helper XPC service resulting in privilege escalation by first deleting the /etc/sudoers file and then copying a malicious version of that file to /etc/sudoers.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

🟠 CVE-2026-24070 - High (8.8)

During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is de...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1
  • 0
  • 0
  • 11h ago

Overview

  • Atlassian
  • Confluence Server

19 Dec 2019
Published
17 Sep 2024
Updated

CVSS
Pending
EPSS
0.67%

KEV

Description

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 12 hours ago

Fediverse

@rk @hrbrmstr
Are you forgetting CVE-2019-15006 by Taylor Swift on Security?

  • 0
  • 3
  • 0
  • 12h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
5.37%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

RCE Threat in Workflow Automation
⚠️ CVE-2026-21858 — Critical unauthenticated remote code execution in n8n self-hosted instances can allow complete takeover if left unpatched.
Check remediation guidance here:
👉 cvedatabase.com/cve/CVE-2026-2 #CyberSecurity #DevOps

  • 0
  • 1
  • 0
  • 19h ago