Microsoft has released a patch for a zero-day vulnerability in its Office software, identified as CVE-2026-21509. This flaw allows attackers to bypass certain security features, potentially putting users at risk. Reports suggest that the vulnerability may have already been exploited in targeted attacks against specific organizations. As a result, it's crucial for all users of Microsoft Office to apply this patch promptly to protect themselves from potential intrusions. The patch is part of Microsoft's ongoing efforts to enhance the security of its products and safeguard user data from malicious activities.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
Kaspersky researchers have identified updates to the CoolClient backdoor and the deployment of new tools associated with the HoneyMyte group, also known as Mustang Panda or Bronze President. This group is known for its advanced persistent threat (APT) campaigns, which have now introduced three variants of a browser data stealer. These updates suggest an ongoing effort by attackers to enhance their capabilities and target sensitive data from users. The implications are significant, as organizations and individuals could be at risk of having their personal and financial information stolen. Users are encouraged to remain vigilant and ensure their systems are protected against these evolving threats.
The Hacker News
CVE-2026-21509: Microsoft has released emergency patches for a serious vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw has a CVSS score of 7.8, indicating it is a significant security risk. The vulnerability allows attackers to bypass security features by exploiting untrusted inputs, potentially leading to unauthorized access. Organizations using affected Microsoft Office products should prioritize applying these patches, as the vulnerability is currently being exploited in the wild. This situation emphasizes the need for users to stay vigilant and keep their software up to date to protect against such threats.
Security Affairs
Researchers from SEC Consult have identified over 20 vulnerabilities in Dormakaba's physical access control systems, specifically those using the exos 9300 platform. These flaws could allow attackers to remotely unlock doors at major organizations, posing a significant security risk. The vulnerabilities are serious enough that they could be exploited to gain unauthorized access to sensitive areas within facilities. Organizations using Dormakaba systems should prioritize applying any patches or updates provided by the vendor to mitigate these risks. This discovery raises concerns about the security of physical access controls, which are essential for protecting sensitive locations.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide aimed at helping federal agencies transition to post-quantum encryption. The guide serves as a 'shopping list' for tech buyers looking to upgrade their systems to protect against potential threats posed by quantum computing. However, many security professionals are skeptical, noting that most existing products and internet protocols are still not ready for this transition. This raises concerns about the overall preparedness of agencies to defend against future quantum attacks. As quantum technology advances, the need for updated encryption methods becomes increasingly urgent, making this guide a critical resource for agencies planning their cybersecurity strategies.
Cybercrime groups, notably one known as ShinyHunters, are executing a new wave of vishing attacks aimed at single sign-on (SSO) services. These attacks allow hackers to gain unauthorized access to victim networks and extract sensitive data in real time. The method involves using social engineering tactics to trick individuals into revealing their login credentials. This poses a significant risk to organizations that rely on SSO for streamlined access to multiple applications, as a breach can lead to widespread data theft. Companies and users need to be vigilant about sharing sensitive information and verify requests for credentials, especially through phone calls or messaging platforms.
SCM feed for Latest
Nike is currently investigating a potential data breach after the WorldLeaks extortion group claimed to have stolen and leaked 1.4 terabytes of sensitive data from the company. The incident raises significant concerns about the security measures in place at Nike, especially given the large volume of data involved. This breach could impact not only Nike's internal operations but also the privacy of its customers and partners. The exposure of such a substantial amount of data could lead to further attacks or exploitation of the information. As the investigation unfolds, it will be crucial for Nike to assess the extent of the breach and implement necessary security enhancements to protect against future incidents.
A serious vulnerability has been discovered in Appsmith, an open-source low-code application platform, tracked as CVE-2026-22794. This flaw affects the authentication process, allowing attackers to hijack user accounts. Researchers have confirmed that this vulnerability is currently being exploited in the wild, raising significant concerns for organizations using the platform. Users of Appsmith should act quickly to secure their accounts and systems to prevent unauthorized access. As the exploitation of this vulnerability poses a real threat, it’s crucial for affected users to stay informed and take necessary precautions.
SCM feed for Latest
Cybersecurity experts have discovered that cybercriminals are using fake CAPTCHA verification pages to distribute malware. These fraudulent pages mimic legitimate CAPTCHA forms, tricking users into interacting with them. When users attempt to complete the CAPTCHA, they inadvertently download malware onto their devices. This tactic is particularly concerning because it exploits a common security feature that many people trust. Users and organizations need to be vigilant about unexpected CAPTCHA prompts and ensure they are on legitimate websites before entering any information. This incident serves as a reminder of the evolving methods attackers use to bypass security measures.
The Office of Management and Budget (OMB) has rescinded a secure software memo from the Biden administration that was criticized as overly burdensome. The new guidance, issued by Russell Vought, introduces a common attestation form that companies can use voluntarily. Critics argue that this move represents a significant rollback in cybersecurity policy, marking the first major step back since the Trump era. This change affects federal guidelines on software security, which are crucial for protecting sensitive government data from cyber threats. The decision raises concerns about the potential impact on the overall security posture of federal agencies and their contractors.
SCM feed for Latest
In early December, India experienced a cyberespionage campaign linked to China, which involved attackers spoofing the country's tax office. This attack aimed to deceive individuals and possibly gain sensitive information. The spoofing incident raises concerns about the security of government communications and the potential for sensitive data leaks. As cyber threats continue to evolve, this incident serves as a reminder for both individuals and organizations to remain vigilant and verify the authenticity of official communications. The implications of such attacks can be significant, affecting national security and public trust in government institutions.
SCM feed for Latest
North Korean hackers, operating under the name Konni (also referred to as TA406 and Opal Sleet), have recently started using AI-generated PowerShell malware to target blockchain developers and engineers in the Asia-Pacific region. This sophisticated malware allows attackers to automate tasks and potentially evade detection, posing a significant risk to individuals and organizations in the blockchain sector. The targeting of blockchain professionals suggests a strategic move by these hackers to compromise systems that deal with cryptocurrencies and digital assets, which can have financial implications. As the cryptocurrency market continues to grow, such attacks could disrupt operations and lead to significant losses for affected companies. Researchers are urging blockchain developers to remain vigilant and enhance their security measures against these evolving threats.
Researchers have linked a failed cyberattack on Poland's power grid to the Russian hacking group Sandworm, known for its disruptive wiper attacks on critical infrastructure. This incident marks a significant concern for national security, as it highlights the ongoing threat posed by state-sponsored actors targeting essential services. While the attack did not succeed, it raises alarms about the resilience of power systems and the potential for future incidents that could disrupt energy supplies. As countries like Poland continue to face increasing cyber threats, the need for robust cybersecurity measures becomes even more pressing to protect vital infrastructure from malicious actors.
A recent report reveals that malicious actors are distributing AI browser extensions designed for ChatGPT that can compromise user accounts. These extensions are capable of intercepting session tokens, which are crucial for maintaining authenticated sessions, thereby allowing attackers to hijack users' accounts without their knowledge. This threat primarily affects individuals using these extensions for web browsing. Users should be cautious about the browser extensions they install, especially those claiming to enhance AI capabilities, as they may pose significant risks to personal data and online security. It's essential for users to verify the legitimacy of such tools before installation to prevent unauthorized access to sensitive information.
Infosecurity Magazine
eScan antivirus has suffered a supply chain breach that allowed attackers to distribute multi-stage malware through legitimate software updates. This incident raises serious concerns as it involves signed malware, meaning it could evade detection by users and security systems alike. The breach potentially affects eScan users who rely on the antivirus software for protection against threats. As attackers exploit trusted software to deliver malicious payloads, the trust users place in security products is significantly undermined. Companies using eScan should take immediate action to verify their software's integrity and consider alternative security measures until a fix is provided.