Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
Categories: Threat Research
Tags: Microsoft Office, vulnerability, advisory
Similar Posts
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
Bys sThe second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the “setup_bun.js” loader and the main payload…
Senator Chides FBI for Weak Advice on Mobile Security
Bys sBrian Krebs reports: Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S….
Intel Websites Compromised, Allowing Hackers Access to Employee and Confidential Data
Bys sDivya reports: A series of critical security flaws in Intel’s internal web infrastructure exposed the personal details of more than 270,000 employees and potentially provided attackers with access to sensitive corporate and supplier information. The discoveries highlight severe weaknesses across multiple Intel-owned websites, raising broader concerns about the company’s handling of web application security. According……
Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans
Bys sCybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, to also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking apps in India and other parts…
Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak
Bys sVeradigm LLC is a health information technology company that provides software solutions to healthcare providers. On September 22, 2025, Veradigm filed breach notification letters with some state attorneys general. According to the notice, Veradigm learned that an unauthorized party accessed some clients’ data on December 15, 2024. The clients’ data was located in a storage……
Obligations under Canada’s data breach notification law
Bys sChiara Trinidad writes: What laws govern data breach in Canada? Data breach notification law is governed by the Personal Information and Electronic Documents Act (PIPEDA). This federal law regulates the handling of personal information during commercial transactions. This includes the collection, use, and disclosure of personal data. By extension, this also includes the storage of…