24h | 7d | 30d

CVE-2026-21509

Overview

Microsoft
Microsoft Office 2019

26 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.91%

MITRE

KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

23 Posts
19 Interactions

Last activity: Last hour

Fediverse

Catalin Cimpanu @campuscodi

RE: https://mastodon.social/@campuscodi/116006284031729445

More on this campaign from Zscaler: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit

Other targets also include Romania and Slovakia

7
6
0
9h ago

Joaquim Homrighausen @joho

"Microsoft Office zero-day actively exploited" 🕵️ 🙄

(CVSS 7.8)

https://hackingpassion.com/office-zero-day-cve-2026-21509

#cve202621509 #cybersec #cybersecurity #infosec #microsoft #office #microsoftoffice #ole

0
1
0
22h ago

Anonymous :verified: @youranonnewsirc

Bluesky

WinFuture.de @winfuture.de

Fancy Bear schläft nicht: Die #Microsoft Office-Schwachstelle CVE-2026-21509 wird von russischen Hackern für gezielte Angriffe auf Behörden in der Ukraine und der EU genutzt. Patch dringend empfohlen.

1
1
1
16h ago

780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social

Russia-linked APT28 Leverages CVE-2026-21509 in Operation Neusploit Zscaler www.zscaler.com/blogs/securi... @zscalerinc.bsky.social

0
1
0
10h ago

Virus Bulletin @virusbtn.bsky.social

Zscaler ThreatLabz reports on Operation Neusploit, a January 2026 campaign targeting Central and Eastern Europe. Weaponised Microsoft RTF files exploit CVE-2026-21509 to deliver multi-stage backdoors. The campaign is attributed to APT28 with high confidence. www.zscaler.com/blogs/securi...

0
1
0
10h ago

us-nb.bsky.social @us-nb.bsky.social

Russian hackers exploit recently patched Microsoft Office bug in attacks https://www.newsbeep.com/us/445936/ Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple…

0
0
0
18h ago

ohhara @shiojiri.com

ロシア関連アクターAPT28がMicrosoft Officeのゼロデイを攻撃に利用（CVE-2026-21509） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43749/

0
0
0
18h ago

Information Security Briefly @infosecbriefly.bsky.social

Russia-linked UAC-0001 exploited CVE-2026-21509 in malicious Office RTFs to deliver MiniDoor and PixyNetLoader targeting users in Ukraine, Slovakia, and Romania.

0
0
0
14h ago

Cyber Threat Feeds @montxt.bsky.social

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html

0
0
0
13h ago

Information Security Briefly @infosecbriefly.bsky.social

APT28 quickly weaponized Microsoft's patched Office vulnerability CVE-2026-21509, deploying droppers and additional malware such as MiniDoor within days of the patch release.

0
0
0
11h ago

ReconBee @reconbee.bsky.social

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks reconbee.com/apt28-uses-m... #APT28 #microsoftoffice #microsoft #Espionage #malware #malwareattack #cyberattacks

0
0
0
11h ago

Coca News @cocanews.bsky.social

ロシア関連アクターAPT28がMicrosoft Officeのゼロデイを攻撃に利用（CVE-2026-21509） | Codebook｜Security News https://www.wacoca.com/news/2759664/ ロシア関連アクターAPT28がMicrosoft Officeのゼロデイを攻撃に利用（CVE-2026-21509） The Register – Mon 2 Feb 2026 ウクライナのCERT-UAによると、ロシア [...]

0
0
1
9h ago

CyberMaterial @cybermaterial.bsky.social

APT28 Exploits Office CVE 2026 21509 Read More: buff.ly/QVm26kR #APT28 #UAC0001 #CVE202621509 #MicrosoftOffice #NationStateThreat #CyberEspionage #ThreatIntel #MalwareCampaign

0
0
0
9h ago

Ninja Owl @ninjaowl.ai

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

0
0
0
8h ago

Sami Laiho @samilaiho.com

APT28 Leverages CVE-2026-21509 in Operation Neusploit www.zscaler.com/blogs/securi...

0
0
0
6h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

Operation Neusploit: APT28 Uses CVE-2026-21509

0
0
0
5h ago

Packet Storm News @packetstorm.bsky.social

APT28 Leverages CVE-2026-21509 in Operation Neusploit https://packetstorm.news/news/view/40302 #news

0
0
0
2h ago

Michael Wyres @mwyr.es

APT28 Uses Microsoft Office CVE-2026-21509 In Espionage-Focused Malware Attacks - https://mwyr.es/rm5e6zLI #thn #infosec

0
0
0
1h ago

キタきつね @kitafox.bsky.social

ロシアのハッカーが最近修正されたMicrosoft Officeの脆弱性（CVE-2026-21509）を悪用している Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) #HelpNetSecurity (Feb 3) www.helpnetsecurity.com/2026/02/03/r...

0
0
0
Last hour

CVE-2026-25253

Overview

OpenClaw
OpenClaw

01 Feb 2026

Published

03 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.04%

MITRE

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

5 Posts
3 Interactions

Last activity: 5 hours ago

Fediverse

benzogaga33 :verified: @benzogaga33

OpenClaw – CVE-2026-25253 : un lien malveillant suffit à exécuter du code à distance en 1-clic https://www.it-connect.fr/openclaw-cve-2026-25253-un-lien-malveillant-suffit-a-executer-du-code-a-distance-en-1-clic/ #ActuCybersécurité #Cybersécurité #IA

0
0
0
7h ago

Bluesky

r/blueteamsec bot @r-blueteamsec.bsky.social

Hunting OpenClaw Exposures: CVE-2026-25253 in Internet-Facing AI Agent Gateways

1
0
0
5h ago

The Shadowserver Foundation @shadowserver.bsky.social

Most instances are across various cloud providers. Our reporting is for awareness purposes. OpenClaw has had various security risks highlighted recently (such as for example www.wiz.io/blog/exposed... & CVE-2026-25253 (1-Click RCE via Authentication Token Exfiltration)

0
2
0
6h ago

Information Security Briefly @infosecbriefly.bsky.social

Critical token-exfiltration vulnerability CVE-2026-25253 allowed attackers to hijack OpenClaw instances via malicious websites; patched in version 2026.1.29.

0
0
0
9h ago

Modat @modat-io.bsky.social

⚠️CVE-2026-25253: 1-click RCE in OpenClaw. A crafted link leaks gateway tokens via WebSocket, enabling host command execution even on localhost. Fixed v2026.1.29 patch & rotate tokens. Query: web.title~"Clawdbot Control" OR web.title~"OpenClaw Control" OR web.title~"Moltbot Control" magnify.modat.io

0
0
0
7h ago

CVE-2025-11953

Overview

@react-native-community/cli-server-api

03 Nov 2025

Published

04 Dec 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.40%

MITRE

KEV

Description

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.

Statistics

6 Posts
3 Interactions

Last activity: 4 hours ago

Fediverse

Caitlin Condon @catc0n

Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.

https://www.vulncheck.com/blog/metro4shell_eitw

0
2
0
5h ago

tomcat @tomcat

🚨 Researchers detect active exploitation of a critical React Native CLI flaw.

CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload.

🔗 Read → https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html

0
1
0
5h ago

ekiledjian @edwardk

Hackers are actively exploiting a critical remote code execution vulnerability (CVE-2025-11953) in React Native's Metro Development Server to deliver malware on Windows and Linux systems. The vulnerability, dubbed Metro4Shell, stems from an OS command injection flaw in the /open-url endpoint and has a critical CVSS score of 9.8, yet exploitation is occurring before widespread public awareness.
https://cybersecuritynews.com/react-native-metro-server-exploit/

0
0
0
5h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

Critical CVE-2025-11953 (Metro4Shell) in React Native's Community CLI/Metro is being actively exploited since December, exposing thousands of internet-accessible instances.

0
0
0
9h ago

Information Security Briefly @infosecbriefly.bsky.social

CVE-2025-11953 (Metro4Shell) is actively exploited to achieve unauthenticated remote command execution and deliver persistent, Rust-based malware via a PowerShell loader.

0
0
0
8h ago

Information Security Briefly @infosecbriefly.bsky.social

A critical CVE-2025-11953 OS command-injection flaw in React Native's Metro dev server enables unauthenticated remote execution and malware delivery on Windows and Linux.

0
0
0
4h ago

CVE-2026-24512

Overview

Kubernetes
ingress-nginx

03 Feb 2026

Published

03 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

Pending

MITRE

KEV

Description

A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

4 Posts
2 Interactions

Last activity: 5 hours ago

Fediverse

Chris Short @ChrisShort

CVE-2026-24512 #devopsish #kubernetes #cve https://github.com/kubernetes/kubernetes/issues/136678

1
1
0
5h ago

K8sContributors @K8sContributors

CVE-2026-24512: ingress-nginx rules.http.paths.path nginx configuration injection - https://github.com/kubernetes/kubernetes/issues/136678

0
0
2
7h ago

CVE-2026-1580

Overview

Kubernetes
ingress-nginx

03 Feb 2026

Published

03 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

Pending

MITRE

KEV

Description

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

4 Posts
1 Interaction

Last activity: 3 hours ago

Fediverse

Chris Short @ChrisShort

CVE-2026-1580 #devopsish #kubernetes #cve https://github.com/kubernetes/kubernetes/issues/136677

1
0
0
3h ago

Bluesky

K8sContributors @kubernetes.dev

CVE-2026-1580: ingress-nginx auth-method nginx configuration injection -

0
0
2
9h ago

CVE-2025-62203

Overview

Microsoft
Office Online Server

11 Nov 2025

Published

02 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.08%

MITRE

KEV

Description

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Statistics

2 Posts
1 Interaction

Last activity: 3 hours ago

Fediverse

buherator @buherator

[RSS] Micropatches released for Microsoft Excel Remote Code Execution Vulnerability (CVE-2025-62203)

https://blog.0patch.com/2026/02/micropatches-released-for-microsoft.html

0
1
0
3h ago

Bluesky

buherator @buherator.bsky.social

[RSS] Micropatches released for Microsoft Excel Remote Code Execution Vulnerability (CVE-2025-62203) blog.0patch.com -> Original->

0
0
0
3h ago

CVE-2025-55182

Overview

Meta
react-server-dom-webpack

03 Dec 2025

Published

11 Dec 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

56.68%

MITRE

KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

2 Posts
9 Interactions

Last activity: 2 hours ago

Fediverse

GreyNoise @greynoise

Two IPs now generate 56% of all CVE-2025-55182 exploitation traffic.

One deploys cryptominers. The other opens reverse shells.

We dug into the infrastructure. What we found goes back to 2020.

https://www.greynoise.io/blog/react2shell-exploitation-consolidates

6
3
1
2h ago

CVE-2025-29824

Overview

Microsoft
Windows 10 Version 1809

08 Apr 2025

Published

21 Oct 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.83%

MITRE

KEV

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

1 Post
5 Interactions

Last activity: 5 hours ago

Fediverse

clearbluejar @clearbluejar

Patch diffing + RCA for clfs.sys can take awhile.

I gave the diff + binary to a local LLM.

It mapped the UAF path, race condition, all IOCTLs in <20 min

LLMs don't replace the work, they are momentum.

New blog post following the UAF trail of CVE-2025-29824:

https://clearbluejar.github.io/posts/how-llms-feed-your-re-habit-following-the-uaf-trail-in-clfs/

2
3
0
5h ago

CVE-2025-69420

Overview

OpenSSL
OpenSSL

27 Jan 2026

Published

28 Jan 2026

Updated

CVSS

Pending

EPSS

0.07%

MITRE

KEV

Description

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

1 Post
1 Interaction

Last activity: 11 hours ago

Fediverse

Henry @henrahmagix

omg 69420 what a CVE number :blobcat_engineer: https://security-tracker.debian.org/tracker/CVE-2025-69420

1
0
0
11h ago

CVE-2023-27350

Overview

PaperCut
NG

20 Apr 2023

Published

21 Oct 2025

Updated

CVSS v3.0

CRITICAL (9.8)

EPSS

94.26%

MITRE

KEV

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Statistics

2 Posts
1 Interaction

Last activity: 13 hours ago

Fediverse

0xdf @0xdf

Bamboo from HackTheBox and VulnLab features Squid proxy enumeration, CVE-2023-27350 authentication bypass to RCE in PaperCut NG, and binary hijacking of a root-executed script for privilege escalation.

https://0xdf.gitlab.io/2026/02/03/htb-bamboo.html

0
1
1
13h ago

Showing 1 to 10 of 37 CVEs