Overview
Description
Statistics
- 24 Posts
- 21 Interactions
Fediverse
RE: https://mastodon.social/@campuscodi/116006284031729445
More on this campaign from Zscaler: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
Other targets also include Romania and Slovakia
"Microsoft Office zero-day actively exploited" 🕵️ 🙄
(CVSS 7.8)
https://hackingpassion.com/office-zero-day-cve-2026-21509
#cve202621509 #cybersec #cybersecurity #infosec #microsoft #office #microsoftoffice #ole
Latest News (Feb 2-3, 2026):
Global: India and the US have finalized a trade deal. Pakistani forces killed 145 militants in Balochistan after coordinated attacks.
Tech: SpaceX merged with xAI, announcing plans for space-based AI data centers. Oracle plans a $50B expansion for AI cloud infrastructure.
Cybersecurity: A Russian hacker alliance, "Russian Legion," threatens a major cyberattack on Denmark. Russia-linked APT28 exploits a new Microsoft Office flaw (CVE-2026-21509) in attacks across Ukraine and the EU.
Russian hackers, identified as APT28, are actively exploiting a recently patched Microsoft Office vulnerability (CVE-2026-21509) to deploy malware, including the COVENANT framework, via malicious documents. These attacks, targeting Ukrainian and other EU organizations, utilize a complex download chain involving COM hijacking and cloud storage for command-and-control.
https://www.bleepingcomputer.com/news/security/russian-hackers-exploit-recently-patched-microsoft-office-bug-in-attacks/
Bluesky
Overview
- OpenClaw
- OpenClaw
Description
Statistics
- 7 Posts
- 5 Interactions
Fediverse
depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
Here's a summary of the latest global, technology, and cybersecurity news from the last 24-48 hours:
**Global:** US-Iran talks on a nuclear deal are progressing, though Iran warned of regional war if attacked (Feb 1-2). A Russian drone strike killed 15 mineworkers in Dnipro, Ukraine (Feb 1).
**Tech/Cybersecurity:** ETSI launched a new, globally applicable cybersecurity standard for AI models (ETSI EN 304 223, Feb 2). A critical remote code execution (RCE) flaw in the OpenClaw AI assistant (CVE-2026-25253) was disclosed (Feb 2). AI-driven cyber threats are escalating, and Microsoft's extensive AI infrastructure spending is raising Wall Street concerns (Jan 30 - Feb 2).
OpenClaw – CVE-2026-25253 : un lien malveillant suffit à exécuter du code à distance en 1-clic https://www.it-connect.fr/openclaw-cve-2026-25253-un-lien-malveillant-suffit-a-executer-du-code-a-distance-en-1-clic/ #ActuCybersécurité #Cybersécurité #IA
Bluesky
Overview
- @react-native-community/cli-server-api
Description
Statistics
- 5 Posts
- 2 Interactions
Fediverse
Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.
🚨 Researchers detect active exploitation of a critical React Native CLI flaw.
CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload.
🔗 Read → https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html
Hackers are actively exploiting a critical remote code execution vulnerability (CVE-2025-11953) in React Native's Metro Development Server to deliver malware on Windows and Linux systems. The vulnerability, dubbed Metro4Shell, stems from an OS command injection flaw in the /open-url endpoint and has a critical CVSS score of 9.8, yet exploitation is occurring before widespread public awareness.
https://cybersecuritynews.com/react-native-metro-server-exploit/
Bluesky
Overview
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
CVE-2026-24512: ingress-nginx rules.http.paths.path nginx configuration injection - https://github.com/kubernetes/kubernetes/issues/136678
Overview
Description
Statistics
- 2 Posts
Fediverse
#infosec #linux #vulnerability
Un fallo de seguridad (exploit) encontrado recientemente expuso casi 800.000 servicios a Telnet a nivel mundial.
Según la Base de Datos de Vulnerabilidad Nacional (NVD) el exploit CVE-2026-24061 afecta a las versiones 1.9.3 a 2.7.
Estás versiones permiten al cliente pasar un valor de la variable de entorno USER al servidor e iniciar sesión como usuario root omitiendo la autenticación.
1/2
Overview
Description
Statistics
- 1 Post
- 9 Interactions
Fediverse
RE: https://mastodon.social/@bagder/116001950411560304
My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉
Btw. if anyone from #NASA could confirm curiosity was/is really affected (but probably without attack vector so no impact I guess), that would mean a lot to me
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
omg 69420 what a CVE number :blobcat_engineer: https://security-tracker.debian.org/tracker/CVE-2025-69420
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Overview
- QOS.CH Sarl
- Logback-core
Description
Statistics
- 1 Post