The Hacker News

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...
Regtechtimes on MSN

Security researchers uncover APT28 campaign exploiting newly disclosed Microsoft Office flaw

Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, ...
The Hacker News

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe.
Security Boulevard

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP ...
Forbes

CVE Program Funding Reinstated—What It Means And What To Do Next

Forbes contributors publish independent expert analyses and insights. Kate O’Flaherty is a cybersecurity and privacy journalist. U.S. President Donald Trump has cut funding for the global database of ...
Hosted on MSN

Funding for the critical CVE security detection system renewed just hours before deadline

CVE funding gets last-minute funding reprieve A MITRE head told CVE board members that government funding is about to expire Some have called the move "reckless and ignorant" US government funding for ...
SecurityWeek

Oracle’s First 2026 CPU Delivers 337 New Security Patches

Oracle patches roughly 230 unique CVEs across more than 30 products with its first Critical Patch Update (CPU) released in ...
Security Boulevard

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS) ...
SD Times

CVE Program rescued at the last minute after concerns over losing its government funding

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Bleeping Computer

Security firms dispute credit for overlapping CVE reports

Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko ...
Dark ReadingOpinion

Hand CVE Over to the Private Sector

By the time of CVE's launch, ISS (later acquired by IBM) maintained a fully public VDB, as of August 1997. A company I helped ...
SiliconANGLE

Detectify launches Alfred to automate CVE security testing with AI

Advanced application security testing startup Detectify AB today announced the launch of Alfred, a new system that uses artificial intelligence to autonomously source, prioritize and generate ...