#cve-2009-0238
#cve-2009-0238

Information security

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Tech industry

Microsoft plans another out-of-band Windows fix

21 hours ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

14 hours ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Privacy technologies

fromThe Verge

19 hours ago

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

fromComputerWeekly.com

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

Tech industry

Microsoft plans another out-of-band Windows fix

Microsoft is releasing an out-of-band update to fix installation errors from a problematic preview update.

21 hours ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

DevOps

fromAzure DevOps Blog

15 hours ago

One-click security scanning and org-wide alert triage come to Advanced Security - Azure DevOps Blog

New capabilities in Azure DevOps simplify application security with one-click CodeQL setup and a unified alerts experience for security teams.

Node JS

fromNist

3 days ago

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA added six security flaws to its KEV catalog due to evidence of active exploitation.

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

CISA warns of exploitation of a critical F5 BIG-IP vulnerability, CVE-2025-53521, allowing remote code execution on affected systems.

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA added a critical vulnerability in F5 BIG-IP APM to its KEV catalog due to active exploitation risks.

3 weeks ago

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are exploiting a critical security flaw in Quest KACE SMA, allowing unauthorized access and control over administrative accounts.

Silicon Valley

fromWIRED

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA added six security flaws to its KEV catalog due to evidence of active exploitation.

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

CISA warns of exploitation of a critical F5 BIG-IP vulnerability, CVE-2025-53521, allowing remote code execution on affected systems.

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA added a critical vulnerability in F5 BIG-IP APM to its KEV catalog due to active exploitation risks.

3 weeks ago

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are exploiting a critical security flaw in Quest KACE SMA, allowing unauthorized access and control over administrative accounts.

more#cybersecurity

DevOps

fromAzure DevOps Blog

April Patches for Azure DevOps Server - Azure DevOps Blog

Customers should update to the latest version of Azure DevOps Server for security and reliability.

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Node JS

fromNist

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.

18 hours ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

#fortinet

12 hours ago

Information security

Critical Fortinet sandbox bugs allow auth bypass and RCE

20 hours ago

Information security

Fortinet Patches Critical FortiSandbox Vulnerabilities

Information security

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

12 hours ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

20 hours ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.

Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

fromTNW | Anthropic

14 hours ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

fromTNW | Anthropic

14 hours ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

15 hours ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

19 hours ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

fromTechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

4 days ago

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.

3 days ago

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

fromTechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

4 days ago

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.

3 days ago

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

more#adobe

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

#patch-tuesday

Gadgets

Microsoft's latest update patches six zero-days and two critical flaws - but is it another buggy mess?

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

Microsoft's March Patch Tuesday addresses 83 vulnerabilities including two zero-day exploits in SQL Server and .NET, while introducing Common Log File System hardening with signature verification.

Information security

February's Patch Tuesday release fixes 59 flaws, including 6 being exploited

Information security

Microsoft issues emergency patch for latest Windows bugs - grab it ASAP

Gadgets

Microsoft's latest update patches six zero-days and two critical flaws - but is it another buggy mess?

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

Microsoft's March Patch Tuesday addresses 83 vulnerabilities including two zero-day exploits in SQL Server and .NET, while introducing Common Log File System hardening with signature verification.

Information security

February's Patch Tuesday release fixes 59 flaws, including 6 being exploited

Information security

Microsoft issues emergency patch for latest Windows bugs - grab it ASAP

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.

fromTechCrunch

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

fromInfoQ

New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover

New Rowhammer attacks target NVIDIA GPUs, escalating from memory corruption to full system compromise, highlighting significant hardware security risks.

Tech industry

Microsoft releases second out-of-band fix for Windows in a week

January Windows updates caused Outlook and other apps to hang or mishandle files stored on cloud services, prompting Microsoft to release emergency out-of-band fixes.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical vulnerability in Marimo allows unauthenticated remote code execution, exploited within hours of disclosure, affecting all versions prior to 0.20.4.

fromInfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical vulnerability in Marimo allows unauthenticated remote code execution, exploited within hours of disclosure, affecting all versions prior to 0.20.4.

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.

fromTechzine Global

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.

more#adobe-reader

Microsoft stays quiet while emergency Windows fixes ramp up

But are things getting worse? According to Register readers, and the company's own release health dashboard, the answer has to be yes. It isn't just you. The frequency of emergency out-of-band releases for the company's operating systems has been rapidly increasing to the point where, for every Patch Tuesday update, there'll likely be at least one out-of-band patch to fix whatever got broken.

Tech industry

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

Juniper Networks released patches for multiple vulnerabilities, including severe flaws that could lead to privilege escalation and remote device takeover.

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

Google released Chrome 147, fixing 60 vulnerabilities, including two critical ones affecting WebML, with significant bug bounties awarded to researchers.

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.

A critical Windows security fix puts legacy hardware on borrowed time

Microsoft will block unvetted kernel drivers starting April 2026, impacting legacy applications while enhancing security.

BIND Updates Patch High-Severity Vulnerabilities

ISC released BIND 9 updates to fix four vulnerabilities, including two high-severity bugs that can lead to memory leaks and high CPU consumption.

fromTechzine Global

3 weeks ago

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

4 weeks ago

Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities

Microsoft released an out-of-band security update for Windows 11 addressing three critical vulnerabilities in the Windows Routing and Remote Access Service that enable remote code execution through malicious server connections.

#microsoft-security-patches

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

This month, over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs, and of those, six were rated exploitation more likely across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon. We know these bugs are typically used by threat actors as part of post-compromise activity, once they get onto systems through other means (social engineering, exploitation of another vulnerability).

Information security

Patch Alert: Microsoft Fixes Nearly 80 Bugs, Including Critical Office Flaws

Microsoft's March Patch Tuesday addresses nearly 80 vulnerabilities, including critical Office flaws that enable code execution through document preview without requiring active zero-day exploits.

Information security

Microsoft Patches 83 Vulnerabilities

Microsoft released 83 vulnerability patches in March 2026, including one critical remote code execution flaw and several privilege escalation bugs requiring attention.

Patch Alert: Microsoft Fixes Nearly 80 Bugs, Including Critical Office Flaws

Microsoft's March Patch Tuesday addresses nearly 80 vulnerabilities, including critical Office flaws that enable code execution through document preview without requiring active zero-day exploits.

more#microsoft-security-patches

Microsoft Patches 83 Vulnerabilities

Microsoft released 83 vulnerability patches in March 2026, including one critical remote code execution flaw and several privilege escalation bugs requiring attention.

#windows-admin-center

Information security

Microsoft: Critical Windows Admin Center Flaw Allows Privilege Escalation

Information security

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Information security

Microsoft: Critical Windows Admin Center Flaw Allows Privilege Escalation

more#windows-admin-center

Information security

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Old Windows quirks help punch through new admin defenses

The issue focuses on how Windows handles these directories for specific user sessions. Because the kernel creates a DOS device object directory on demand, rather than at login, it cannot check whether the user is an admin during the creation process. Unlike UAC, Administrator Protection uses a hidden shadow admin account whose token handle can be returned by the system when calling the NtQueryInformationToken API function.

Information security

Cisco finally fixes max-severity bug under attack for weeks

Cisco released updates fixing a maximum-severity AsyncOS vulnerability (CVE-2025-20393) exploited for root access and persistence on SEG and SEWM appliances.

BeyondTrust Patches Critical RCE Vulnerability

Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.

fromComputerWeekly.com

February Patch Tuesday: Microsoft drops six zero-days | Computer Weekly

Six newly classified Microsoft zero-day vulnerabilities are actively exploited, three publicly disclosed, within over 50 patched flaws across Microsoft products.

#microsoft-security-updates

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

CVE-2026-20045 (CVSS 8.2) allows unauthenticated remote attackers to execute arbitrary OS commands and escalate to root in multiple Cisco Unified Communications and Webex Calling Dedicated Instance products.

Information security

Microsoft's February Patch Tuesday Fixes 6 Zero-Days Under Attack

Information security

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Information security

Microsoft's February Patch Tuesday Fixes 6 Zero-Days Under Attack

more#microsoft-security-updates

Information security

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Critical Microsoft bug from 2024 under exploitation

A 9.8-rated SQL injection in Microsoft Configuration Manager, patched Oct 2024, is actively exploited and requires immediate patching.

Office zero-day exploited, forces Microsoft OOB patch

Zero-day CVE-2026-21509 lets attackers bypass Office security to run legacy COM/OLE components via malicious files; patches available for newer Office versions.

Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

Microsoft has issued an emergency patch designed to resolve a zero-day security vulnerability affecting several versions of Microsoft Office. Already exploited in the wild, the flaw could allow an attacker to skirt past Office's built-in security measures and send victims a malicious document. Zero-day vulnerability In a note published Monday, Microsoft revealed details behind the flaw, known as a Microsoft Office Security Feature Bypass Vulnerability.

Information security

High-Severity Remote Code Execution Vulnerability Patched in OpenSSL

OpenSSL patched twelve vulnerabilities including a high-severity stack buffer overflow (CVE-2025-15467) that can cause DoS or remote code execution.