Overview
Description
Statistics
- 9 Posts
- 6 Interactions
Fediverse
"Microsoft Office zero-day actively exploited" 🕵️ 🙄
(CVSS 7.8)
https://hackingpassion.com/office-zero-day-cve-2026-21509
#cve202621509 #cybersec #cybersecurity #infosec #microsoft #office #microsoftoffice #ole
Russian hackers, identified as APT28, are actively exploiting a recently patched Microsoft Office vulnerability (CVE-2026-21509) to deploy malware, including the COVENANT framework, via malicious documents. These attacks, targeting Ukrainian and other EU organizations, utilize a complex download chain involving COM hijacking and cloud storage for command-and-control.
https://www.bleepingcomputer.com/news/security/russian-hackers-exploit-recently-patched-microsoft-office-bug-in-attacks/
Bluesky
Overview
- OpenClaw
- OpenClaw
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
Here's a summary of the latest global, technology, and cybersecurity news from the last 24-48 hours:
**Global:** US-Iran talks on a nuclear deal are progressing, though Iran warned of regional war if attacked (Feb 1-2). A Russian drone strike killed 15 mineworkers in Dnipro, Ukraine (Feb 1).
**Tech/Cybersecurity:** ETSI launched a new, globally applicable cybersecurity standard for AI models (ETSI EN 304 223, Feb 2). A critical remote code execution (RCE) flaw in the OpenClaw AI assistant (CVE-2026-25253) was disclosed (Feb 2). AI-driven cyber threats are escalating, and Microsoft's extensive AI infrastructure spending is raising Wall Street concerns (Jan 30 - Feb 2).
Overview
- Qualcomm, Inc.
- Snapdragon
Description
Statistics
- 3 Posts
Fediverse
🟠 CVE-2025-47397 - High (7.8)
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47397/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Qualcomm released the security bulletin for February 2026: CVE-2025-47397 is the GPU IOMMU issue mentioned in 39c3’s Build a Fake Phone, Find Real Bugs session. (at the 28 minute mark) The presenter said that they’ll “update the presentation’s repository with the technical details once the CVE is shared publicly”, Looking forward to reading that…
Qualcomm’s CVE-2025-47397 patch doesn’t make sense on kernel 5.10: 5.10 isn’t vulnerable to the issue in the first place!
The bug was only introduced in kernel 5.15.
(Interestingly, some poor dev at MediaTek hit the exact same bug in 2022: searching for “iommu_map_sg cve” gives me this fix commit)
Overview
Description
Statistics
- 2 Posts
Bluesky
Overview
Description
Statistics
- 1 Post
- 6 Interactions
Fediverse
RE: https://mastodon.social/@bagder/116001950411560304
My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉
Btw. if anyone from #NASA could confirm curiosity was/is really affected (but probably without attack vector so no impact I guess), that would mean a lot to me
Overview
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
Ivanti: Notfall-Update gegen Zero-Days
Wieder einmal fällt der US-Hersteller Ivanti mit gefährlichen (9,8 von 10) Sicherheitslücken auf, die zum Zeitpunkt der Updates bereits angegriffen werden. Sagte ich wieder einmal? Ja, einige vergangene Meldungen: hier, hier, hier oder hier. Die beiden Sicherheitslücken CVE-2026-1281 und CVE-2026-1340 wurden mit Notfall-Updates geschlossen. Angeblich kann der Hersteller nicht sagen, welche Schwäche genau angegriffen wird, da zu wenige bekannte Angriffe vorlägen. Ach ja, aber flicken konnte man die unbekannten Schwächen? Glaubwürdigkeit gleich null. Da drängt
https://www.pc-fluesterer.info/wordpress/2026/02/02/ivanti-notfall-update-gegen-zero-days/
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday
Overview
- Ivanti
- Endpoint Manager Mobile
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
Ivanti: Notfall-Update gegen Zero-Days
Wieder einmal fällt der US-Hersteller Ivanti mit gefährlichen (9,8 von 10) Sicherheitslücken auf, die zum Zeitpunkt der Updates bereits angegriffen werden. Sagte ich wieder einmal? Ja, einige vergangene Meldungen: hier, hier, hier oder hier. Die beiden Sicherheitslücken CVE-2026-1281 und CVE-2026-1340 wurden mit Notfall-Updates geschlossen. Angeblich kann der Hersteller nicht sagen, welche Schwäche genau angegriffen wird, da zu wenige bekannte Angriffe vorlägen. Ach ja, aber flicken konnte man die unbekannten Schwächen? Glaubwürdigkeit gleich null. Da drängt
https://www.pc-fluesterer.info/wordpress/2026/02/02/ivanti-notfall-update-gegen-zero-days/
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday
Overview
- Native Instruments
- Native Access
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🟠 CVE-2026-24070 - High (8.8)
During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Atlassian
- Confluence Server
Description
Statistics
- 1 Post
- 3 Interactions
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
RCE Threat in Workflow Automation
⚠️ CVE-2026-21858 — Critical unauthenticated remote code execution in n8n self-hosted instances can allow complete takeover if left unpatched.
Check remediation guidance here:
👉 https://cvedatabase.com/cve/CVE-2026-21858 #CyberSecurity #DevOps