Geek-Guy.com

Tag: actively

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

Researchers and threat hunters are scrambling to respond to an actively exploited authentication-bypass vulnerability affecting Palo Alto Networks customers’ firewalls.  The company initially tagged CVE-2026-0257 with a medium-severity rating when it disclosed the defect May 13, but quickly reassessed it as critical after Rapid7 observed and confirmed active exploitation in the wild. The Cybersecurity and…

Read more →

AI, Exploits, Global Security News

Tennessee man linked to 764 accused of series of crimes against children dating back to 2022

A Tennessee man accused of abusing and sexually exploiting children while actively participating in 764, a sprawling online nihilistic violent extremist collective affiliated with The Com, pleaded not guilty Thursday to a series of charges that could keep him locked up for 50 years. Zachary Sweeney has allegedly victimized multiple children, on numerous occasions grooming…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

A critical Palo Alto PAN-OS zero-day is being exploited in the wild

Attackers are actively exploiting a zero-day vulnerability affecting some Palo Alto Networks’ customers’ firewalls, the security vendor said in an advisory Tuesday. The critical memory corruption vulnerability — CVE-2026-0300 — affects the authentication portal of PAN-OS, and allows unauthenticated attackers to run  code with root privileges on the vendor’s PA-Series and VM-Series firewalls, the company…

Read more →

Exploits, Global Security News, Network Security

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, and urged customers to implement mitigations as they are still working on fixes. About CVE-2026-0300 CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS…

Read more →

AI, Exploits, Global Security News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security

Two new extortion crews are speedrunning the Scattered Spider playbook

A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike. The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity…

Read more →

AI, Exploits, Global Security News, Russia

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That’s according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible

Read more →

AI, APAC, Apps, china, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management

Critical Exploits, AI Shifts, and Major Breaches Redefine Cybersecurity This Week

Major Threats & Vulnerabilities Zero-Day and Active Exploits A critical flaw in Nginx UI is being actively exploited in the wild, allowing unauthenticated users to perform privileged actions through an unprotected endpoint. Administrators are urged to patch immediately and restrict public access to management interfaces. The EngageLab SDK vulnerability affecting over 50 million Android users…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint,…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security

Microsoft drops its second-largest monthly batch of defects on record

Microsoft addressed 165 vulnerabilities affecting its various products and underlying systems, including one actively exploited vulnerability in Microsoft Office SharePoint, in this month’s Patch Tuesday update.  “By my count, this is the second-largest monthly release in Microsoft’s history,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post…

Read more →

AI, Global Security News

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. “Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Risk Management

Attackers target unpatched ShowDoc servers via CVE-2025-0520

A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Risk Management

Attackers target unpatched ShowDoc servers via CVE-2025-0520

A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Marimo RCE Flaw Exploited Within Hours of Disclosure

A vulnerability in the open-source Marimo Python notebook platform is already being actively exploited, underscoring how quickly attackers can turn newly disclosed flaws into real-world attacks.  Less than 10 hours after public disclosure, threat actors developed a working exploit and began targeting exposed systems. “Within 9 hours and 41 minutes of the vulnerability advisory’s publication,…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621

Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems,…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News

Fortinet customers confront actively exploited zero-day, with a full patch still pending

Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices. The zero-day vulnerability — CVE-2026-35616 — has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerability catalog Monday.  Fortinet said in…

Read more →

AI, Cybersecurity, Europe, Exploits, Global Security News

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

Over 14,000 F5 BIG-IP APM instances remain exposed online, as attackers actively exploit a critical remote code execution flaw CVE-2025-53521. Over 14,000 F5 BIG-IP APM instances remain exposed online, with attackers actively exploiting the critical remote code execution vulnerability CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), the nonprofit security organization Shadowserver warns. The vulnerability in BIG-IP…

Read more →

AI, Apps, Endpoint, Global Security News, Risk Management

How often are redirects used in phishing in 2026?, (Mon, Apr 6th)

In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused… Although open redirect is not generally considered a high-impact vulnerability on its own, it can have multiple negative implications. Johannes already covered one in…

Read more →

AI, Exploits, Global Security News, Risk Management

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

Fortinet issued emergency patches for a critical FortiClient EMS flaw (CVE-2026-35616) actively exploited in the wild. Fortinet released out-of-band patches for a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS 9.1), which is already being exploited in attacks in the wild. The flaw is an improper access control issue that allows attackers to bypass authentication…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue. A critical vulnerability, tracked as CVE-2026-3055 (CVSS score of 9.3), in Citrix NetScaler ADC and Gateway is already being actively probed by attackers. This week, Citrix issued security updates for two NetScaler vulnerabilities, including the critical memory…

Read more →

AI, Exploits, Global Security News, malware

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of dollars in rewards. Developers are being tricked into malicious GitHub repositories and discussions,…

Read more →

AI, Compliance, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Network Security, Risk Management

Cisco’s latest vulnerability spree has a more troubling pattern underneath

Cisco customers have confronted a flood of actively exploited vulnerabilities affecting the vendor’s network edge software since late February, and researchers say that five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have already been exploited in the wild.  Attackers exploited a pair of these defects…

Read more →

AI, Data Breaches, Exploits, Global Security News, privacy, Risk Management

CVE-2026-20643: Vulnerability in WebKit Navigation API May Bypass Same Origin Policy

Just a little over a month after fixing the actively exploited CVE-2026-20700 zero-day, Apple has now issued its first Background Security Improvements release to address CVE-2026-20643, a WebKit vulnerability that could allow maliciously crafted web content to bypass the Same Origin Policy, one of the browser’s core security boundaries. The issue in the limelight adds…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Cisco SD-WAN Manager Vulnerabilities Actively Exploited

Cisco is warning customers that attackers are actively exploiting multiple vulnerabilities affecting its Catalyst SD-WAN Manager platform. The software serves as a centralized management console used to monitor and control large distributed SD-WAN deployments.  These vulnerabilities “… could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information,…

Read more →

AI, Exploits, Global Security News, Risk Management

Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities

Google disclosed one actively exploited zero-day vulnerability Monday, warning that the high-severity defect affecting an open-source Qualcomm display component for Android devices “may be under limited, targeted exploitation.” The memory-corruption vulnerability — CVE-2026-21385 — which Google’s Android security team reported to Qualcomm Dec. 18, affects 234 chipsets, Qualcomm said in a security bulletin. Qualcomm said…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access

A zero-day vulnerability in Cisco Catalyst SD-WAN products has been actively exploited since at least 2023, allowing attackers to bypass authentication and ultimately gain root access in targeted environments.  This flaw affects core control-plane components and has been linked to a sophisticated threat actor cluster known as UAT-8616. “The Cisco Catalyst SD-WAN zero-day, which is…

Read more →

AI, Cybersecurity, Europe, Global Security News, Government & Policy, privacy, Risk Management

US orders diplomats to push back on data sovereignty

The US government has ordered its diplomats to actively oppose other countries’ attempts to introduce so-called data sovereignty laws that restrict how and where foreign technology companies can store and handle citizens’ data, according to Reuters. In an internal memo from Secretary of State Marco Rubio, the US describes such rules as a threat to…

Read more →

AI, APAC, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape

This week, a Dell vulnerability is being actively exploited, an Apache flaw allows bypass of RBAC, and over 41% of OpenClaw skills are vulnerable. Major Threats & Vulnerabilities Zero-Day Vulnerabilities A zero-day vulnerability in Dell RecoverPoint is being actively exploited to deploy web shells and backdoors in VMware environments. This highlights the urgent need for…

Read more →

AI, APAC, Apps, Endpoint, Exploits, Global Security News, Government & Policy, Network Security

Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers

Attackers are actively exploiting two critical zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) to gain unauthenticated control of enterprise mobile device management infrastructure and install backdoors engineered to persist even after organizations apply available patches. “Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting…

Read more →

AI, APAC, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Ivanti EPMM Vulnerabilities Actively Exploited in the Wild

Two vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, putting thousands of enterprise mobile management systems at risk.  The flaws allow unauthenticated attackers to remotely execute arbitrary code on vulnerable servers, potentially giving them full control over corporate mobile device management (MDM) environments. “Palo Alto Networks Cortex Xpanse has…

Read more →

AI, APAC, Apps, china, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor 

A zero-day vulnerability in Dell RecoverPoint for Virtual Machines is being actively exploited to deploy backdoors and pivot deeper into enterprise networks.  The flaw has reportedly been abused since at least mid-2024 by a suspected China-linked threat cluster. “Beyond the Dell appliance exploitation, Mandiant observed the actor employing novel tactics to pivot into VMware virtual…

Read more →

AI, APAC, china, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

CVE-2026-22769: Critical Dell RecoveryPoint Zero-Day Exploited in the Wild

SOC Prime has recently covered a wave of actively exploited zero-days across major ecosystems, including Apple’s CVE-2026-20700 and Microsoft’s CVE-2026-20805, alongside a fresh Chrome zero-day case. But the avalanche of threats keeps marching into 2026. Recently, researchers from Mandiant and Google Threat Intelligence Group (GTIG) detailed the active exploitation of CVE-2026-22769, a maximum-severity hardcoded-credential vulnerability…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

BeyondTrust RCE Exploited for Domain Control

Attackers are actively exploiting a vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) to remotely run commands and escalate to full domain control in some environments.  The flaw affects self-hosted deployments and can be triggered without authentication. We “… observed attempts to deploy the SimpleHelp RMM tool for persistence, along with discovery…

Read more →

AI, Exploits, Global Security News

Google fixes first actively exploited Chrome zero-day of 2026

Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first…

Read more →

AI, Apps, Blog, Compliance, CVE, CVEs, Cybersecurity, Exploits, Global Security News, Risk Management, vulnerability

CVE-2026-20700: Apple Patches Zero-Day Exploited in Sophisticated Cyber Attacks

SOC Prime previously highlighted Apple’s actively exploited WebKit zero-day CVE-2025-14174, a case that showed how quickly weaponized iOS flaws can move from targeted activity to real operational risk for organizations and high-value users. That same case later led to additional fixes, with CVE-2025-14174 and CVE-2025-43529 both issued in response to it, reinforcing a familiar pattern…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Security, Vulnerabilities

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases. However, Tyler Reguly, associate director of security R&D at Fortra, says there’s good news: The issues are easy to resolve with regular Microsoft patches for Windows and Office, and none require any post patch configuration steps.…

Read more →

AI, Breaking News, Exploits, Global Security News, hacking, hacking news, Security, Uncategorized

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most…

Read more →

AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Risk Management, Threats

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft’s latest security update is littered with zero-day vulnerabilities, actively exploited defects that account for more than 10% of the total CVEs the vendor addressed in this month’s Patch Tuesday update. The vendor addressed 59 vulnerabilities affecting its various products for business operations and underlying systems, including six defects that were actively exploited prior to…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →