Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
Categories: Threat Research
Tags: Microsoft Office, vulnerability, advisory
Similar Posts
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
Bys sTeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed…
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Bys sFortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. “An improper neutralization of special elements used in an OS…
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Bys sThe threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP…
Leavenworth, Kansas cyberattack disrupts city services
Bys sJoseph Topping reports: Officials in Leavenworth, Kansas, say a cyberattack behind a Nov. 19 network outage is still disrupting invoice, permitting and hiring systems, though emergency services remain unaffected. The city first reported a “network outage affecting city services” on Nov. 19 after computer and phone systems began failing late that morning. Outside information technology……
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
Bys sAn advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. “This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads,” Bitdefender
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
Bys sJonathan Greig reports: The popular anime streaming platform Crunchyroll confirmed on Monday evening that a batch of customer information leaked online over the weekend is legitimate. In a statement to Recorded Future News, a spokesperson for the company said their investigation into the stolen documents is ongoing alongside cybersecurity experts. “At this time, we believe……