ALL POSTS

Key Findings Oracle released an emergency patch for CVE-2026-21992, a critical remote code execution vulnerability in Identity Manager and Web Services Manager The flaw has a CVSS score of 9.8 and requires no authentication, allowing attackers to execute code over HTTP Affected versions are Identity Manager 12.2.1.4.0 and 14.1.2.1.0, plus Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle classified the vulnerability as "easily exploitable" with low complexity No

Key Findings Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa