24h | 7d | 30d

CVE-2026-21509

Overview

Microsoft
Microsoft Office 2019

26 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.91%

MITRE

KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

24 Posts
21 Interactions

Last activity: 1 hour ago

Fediverse

Catalin Cimpanu @campuscodi

RE: https://mastodon.social/@campuscodi/116006284031729445

More on this campaign from Zscaler: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit

Other targets also include Romania and Slovakia

5
6
0
5h ago

Joaquim Homrighausen @joho

"Microsoft Office zero-day actively exploited" 🕵️ 🙄

(CVSS 7.8)

https://hackingpassion.com/office-zero-day-cve-2026-21509

#cve202621509 #cybersec #cybersecurity #infosec #microsoft #office #microsoftoffice #ole

0
1
0
17h ago

Anonymous :verified: @youranonnewsirc

Bluesky

BleepingComputer @bleepingcomputer.com

Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.

1
4
2
22h ago

WinFuture.de @winfuture.de

Fancy Bear schläft nicht: Die #Microsoft Office-Schwachstelle CVE-2026-21509 wird von russischen Hackern für gezielte Angriffe auf Behörden in der Ukraine und der EU genutzt. Patch dringend empfohlen.

1
1
1
12h ago

Virus Bulletin @virusbtn.bsky.social

Zscaler ThreatLabz reports on Operation Neusploit, a January 2026 campaign targeting Central and Eastern Europe. Weaponised Microsoft RTF files exploit CVE-2026-21509 to deliver multi-stage backdoors. The campaign is attributed to APT28 with high confidence. www.zscaler.com/blogs/securi...

0
1
0
5h ago

piggo @pigondrugs.bsky.social

~Zscaler~ APT28 is actively exploiting CVE-2026-21509 via malicious RTF files to deploy backdoors against targets in Central and Eastern Europe. - IOCs: CVE-2026-21509 - #APT28 #CVE202621509 #ThreatIntel

0
0
0
23h ago

Javvad Malik @j4vv4d.com

Microsoft Office Zero-Day Vulnerability, CVE-2026-21509, Under Active Exploitation cybersec.xmcyber.com/s/microsoft-...

0
0
0
20h ago

us-nb.bsky.social @us-nb.bsky.social

Russian hackers exploit recently patched Microsoft Office bug in attacks https://www.newsbeep.com/us/445936/ Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple…

0
0
0
14h ago

ohhara @shiojiri.com

ロシア関連アクターAPT28がMicrosoft Officeのゼロデイを攻撃に利用（CVE-2026-21509） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43749/

0
0
0
13h ago

Information Security Briefly @infosecbriefly.bsky.social

Russia-linked UAC-0001 exploited CVE-2026-21509 in malicious Office RTFs to deliver MiniDoor and PixyNetLoader targeting users in Ukraine, Slovakia, and Romania.

0
0
0
9h ago

Cyber Threat Feeds @montxt.bsky.social

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html

0
0
0
9h ago

Information Security Briefly @infosecbriefly.bsky.social

APT28 quickly weaponized Microsoft's patched Office vulnerability CVE-2026-21509, deploying droppers and additional malware such as MiniDoor within days of the patch release.

0
0
0
7h ago

ReconBee @reconbee.bsky.social

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks reconbee.com/apt28-uses-m... #APT28 #microsoftoffice #microsoft #Espionage #malware #malwareattack #cyberattacks

0
0
0
7h ago

780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social

Russia-linked APT28 Leverages CVE-2026-21509 in Operation Neusploit Zscaler www.zscaler.com/blogs/securi... @zscalerinc.bsky.social

0
0
0
6h ago

Coca News @cocanews.bsky.social

ロシア関連アクターAPT28がMicrosoft Officeのゼロデイを攻撃に利用（CVE-2026-21509） | Codebook｜Security News https://www.wacoca.com/news/2759664/ ロシア関連アクターAPT28がMicrosoft Officeのゼロデイを攻撃に利用（CVE-2026-21509） The Register – Mon 2 Feb 2026 ウクライナのCERT-UAによると、ロシア [...]

0
0
0
5h ago

CyberMaterial @cybermaterial.bsky.social

APT28 Exploits Office CVE 2026 21509 Read More: buff.ly/QVm26kR #APT28 #UAC0001 #CVE202621509 #MicrosoftOffice #NationStateThreat #CyberEspionage #ThreatIntel #MalwareCampaign

0
0
0
4h ago

Ninja Owl @ninjaowl.ai

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

0
0
0
3h ago

Sami Laiho @samilaiho.com

APT28 Leverages CVE-2026-21509 in Operation Neusploit www.zscaler.com/blogs/securi...

0
0
0
1h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

Operation Neusploit: APT28 Uses CVE-2026-21509

0
0
0
1h ago

CVE-2026-25253

Overview

OpenClaw
OpenClaw

01 Feb 2026

Published

03 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.04%

MITRE

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

7 Posts
5 Interactions

Last activity: 1 hour ago

Fediverse

HackerWorkspace @hackerworkspace

depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)

https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys

#databreach #vulnerability #exploit #openclaw #moltbot

2
1
0
21h ago

Anonymous :verified: @youranonnewsirc

Here's a summary of the latest global, technology, and cybersecurity news from the last 24-48 hours:

**Global:** US-Iran talks on a nuclear deal are progressing, though Iran warned of regional war if attacked (Feb 1-2). A Russian drone strike killed 15 mineworkers in Dnipro, Ukraine (Feb 1).

**Tech/Cybersecurity:** ETSI launched a new, globally applicable cybersecurity standard for AI models (ETSI EN 304 223, Feb 2). A critical remote code execution (RCE) flaw in the OpenClaw AI assistant (CVE-2026-25253) was disclosed (Feb 2). AI-driven cyber threats are escalating, and Microsoft's extensive AI infrastructure spending is raising Wall Street concerns (Jan 30 - Feb 2).

#News #Anonymous #AnonNews_irc

0
0
0
23h ago

benzogaga33 :verified: @benzogaga33

OpenClaw – CVE-2026-25253 : un lien malveillant suffit à exécuter du code à distance en 1-clic https://www.it-connect.fr/openclaw-cve-2026-25253-un-lien-malveillant-suffit-a-executer-du-code-a-distance-en-1-clic/ #ActuCybersécurité #Cybersécurité #IA

0
0
0
2h ago

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

Most instances are across various cloud providers. Our reporting is for awareness purposes. OpenClaw has had various security risks highlighted recently (such as for example www.wiz.io/blog/exposed... & CVE-2026-25253 (1-Click RCE via Authentication Token Exfiltration)

0
2
0
1h ago

Information Security Briefly @infosecbriefly.bsky.social

Critical token-exfiltration vulnerability CVE-2026-25253 allowed attackers to hijack OpenClaw instances via malicious websites; patched in version 2026.1.29.

0
0
0
5h ago

Modat @modat-io.bsky.social

⚠️CVE-2026-25253: 1-click RCE in OpenClaw. A crafted link leaks gateway tokens via WebSocket, enabling host command execution even on localhost. Fixed v2026.1.29 patch & rotate tokens. Query: web.title~"Clawdbot Control" OR web.title~"OpenClaw Control" OR web.title~"Moltbot Control" magnify.modat.io

0
0
0
3h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

Hunting OpenClaw Exposures: CVE-2026-25253 in Internet-Facing AI Agent Gateways

0
0
0
1h ago

CVE-2025-11953

Overview

@react-native-community/cli-server-api

03 Nov 2025

Published

04 Dec 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.40%

MITRE

KEV

Description

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.

Statistics

5 Posts
2 Interactions

Last activity: 1 hour ago

Fediverse

Caitlin Condon @catc0n

Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.

https://www.vulncheck.com/blog/metro4shell_eitw

0
1
0
1h ago

tomcat @tomcat

🚨 Researchers detect active exploitation of a critical React Native CLI flaw.

CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload.

🔗 Read → https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html

0
1
0
1h ago

ekiledjian @edwardk

Hackers are actively exploiting a critical remote code execution vulnerability (CVE-2025-11953) in React Native's Metro Development Server to deliver malware on Windows and Linux systems. The vulnerability, dubbed Metro4Shell, stems from an OS command injection flaw in the /open-url endpoint and has a critical CVSS score of 9.8, yet exploitation is occurring before widespread public awareness.
https://cybersecuritynews.com/react-native-metro-server-exploit/

0
0
0
1h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

Critical CVE-2025-11953 (Metro4Shell) in React Native's Community CLI/Metro is being actively exploited since December, exposing thousands of internet-accessible instances.

0
0
0
5h ago

Information Security Briefly @infosecbriefly.bsky.social

CVE-2025-11953 (Metro4Shell) is actively exploited to achieve unauthenticated remote command execution and deliver persistent, Rust-based malware via a PowerShell loader.

0
0
0
3h ago

CVE-2026-24512

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

2 Posts
2 Interactions

Last activity: 1 hour ago

Fediverse

Chris Short @ChrisShort

CVE-2026-24512 #devopsish #kubernetes #cve https://github.com/kubernetes/kubernetes/issues/136678

1
1
0
1h ago

K8sContributors @K8sContributors

CVE-2026-24512: ingress-nginx rules.http.paths.path nginx configuration injection - https://github.com/kubernetes/kubernetes/issues/136678

0
0
0
3h ago

CVE-2026-24061

Overview

GNU
Inetutils

21 Jan 2026

Published

29 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

29.55%

MITRE

KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

2 Posts

Last activity: 7 hours ago

Fediverse

const_data @const_data

#infosec #linux #vulnerability

Un fallo de seguridad (exploit) encontrado recientemente expuso casi 800.000 servicios a Telnet a nivel mundial.

Según la Base de Datos de Vulnerabilidad Nacional (NVD) el exploit CVE-2026-24061 afecta a las versiones 1.9.3 a 2.7.

Estás versiones permiten al cliente pasar un valor de la variable de entorno USER al servidor e iniciar sesión como usuario root omitiendo la autenticación.

1/2

0
0
0
23h ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🚨 Critical #Ubuntu Security Alert: CVE-2026-24061 Auth Bypass in inetutils-telnetd (USN-7992-1). Impacts 22.04 LTS, 24.04 LTS, 25.10. Remote root access possible. Read more: 👉 tinyurl.com/d9bvc3bs #Security

0
0
0
7h ago

CVE-2023-38346

Overview

Pending

22 Sep 2023

Published

25 Sep 2024

Updated

CVSS

Pending

EPSS

1.23%

MITRE

KEV

Description

An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.

Statistics

1 Post
9 Interactions

Last activity: 22 hours ago

Fediverse

floyd aka floyd_ch @floyd

RE: https://mastodon.social/@bagder/116001950411560304

My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉

Btw. if anyone from #NASA could confirm curiosity was/is really affected (but probably without attack vector so no impact I guess), that would mean a lot to me

4
5
0
22h ago

CVE-2025-69420

Overview

OpenSSL
OpenSSL

27 Jan 2026

Published

28 Jan 2026

Updated

CVSS

Pending

EPSS

0.07%

MITRE

KEV

Description

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

1 Post
1 Interaction

Last activity: 6 hours ago

Fediverse

Henry @henrahmagix

omg 69420 what a CVE number :blobcat_engineer: https://security-tracker.debian.org/tracker/CVE-2025-69420

1
0
0
6h ago

CVE-2025-28162

Overview

Pending

27 Jan 2026

Published

29 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

Statistics

1 Post
1 Interaction

Last activity: 6 hours ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🚨 #URGENT FOR UBUNTU USERS & SYSADMINS 🚨 A critical new vulnerability (CVE-2025-28162) in the libpng library allows attackers to take control of systems through malicious PNG images. Read more: 👉 tinyurl.com/5n7nnfps #Security

0
1
0
6h ago

CVE-2023-27350

Overview

PaperCut
NG

20 Apr 2023

Published

21 Oct 2025

Updated

CVSS v3.0

CRITICAL (9.8)

EPSS

94.26%

MITRE

KEV

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Statistics

2 Posts
1 Interaction

Last activity: 8 hours ago

Fediverse

0xdf @0xdf

Bamboo from HackTheBox and VulnLab features Squid proxy enumeration, CVE-2023-27350 authentication bypass to RCE in PaperCut NG, and binary hijacking of a root-executed script for privilege escalation.

https://0xdf.gitlab.io/2026/02/03/htb-bamboo.html

0
1
1
8h ago

CVE-2026-1225

Overview

QOS.CH Sarl
Logback-core

22 Jan 2026

Published

22 Jan 2026

Updated

CVSS v4.0

LOW (1.8)

EPSS

0.01%

MITRE

KEV

Description

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

Statistics

1 Post

Last activity: 1 hour ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🚨 Attention System Admins & #DevOps Professionals! 🚨A new security update is critical for your #openSUSE Leap 15.6 servers. The logback library vulnerability (CVE-2026-1225) poses a moderate ACE (Arbitrary Code Execution) risk. Read more: 👉 tinyurl.com/yfwcbrsj #SUSE

0
0
0
1h ago

Showing 1 to 10 of 36 CVEs