
Microsoft patches exploited Office zero-day, Fortinet fixes SSO flaw

Summary

– Poland successfully defended its energy infrastructure against a suspected Russian cyberattack that used new data-wiping malware in late December 2025.
– Microsoft and Fortinet issued emergency patches for actively exploited zero-day vulnerabilities in Office (CVE-2026-21509) and FortiCloud SSO (CVE-2026-24858), respectively.
– Google disrupted the Ipidea residential proxy network, used by over 550 threat groups to mask attack traffic, and updated Android theft protections.
– The European Commission opened a formal investigation into X’s AI tool Grok over risks related to the spread of illegal content, including manipulated explicit images.
– Multiple major tech incidents occurred, including compromised updates for eScan antivirus, a guilty verdict for a Google engineer stealing AI secrets, and France phasing out Zoom and Teams over security concerns.

The cybersecurity landscape remains dynamic, with recent developments highlighting critical vulnerabilities and strategic shifts in defense. Microsoft has issued emergency security updates to address an actively exploited zero-day flaw in Office, identified as CVE-2026-21509, which allows attackers to bypass security features. This urgent patch underscores the need for organizations to apply updates promptly. Separately, Fortinet has begun rolling out patches for a critical single sign-on (SSO) vulnerability in its FortiCloud service, tracked as CVE-2026-24858, which was exploited to gain unauthorized administrative access to firewalls. These incidents serve as a stark reminder of the persistent threat posed by unpatched software.

Beyond these immediate patches, several other high-profile security events unfolded. In Poland, a suspected Russian cyberattack aimed at energy infrastructure with data-wiping malware was successfully repelled. Meanwhile, attackers are employing sophisticated methods, such as using Windows App-V scripts to disguise infostealer malware and bypass enterprise security controls. Older vulnerabilities also continue to pose risks; Mandiant warns that the WinRAR flaw CVE-2025-8088 remains a popular tool for both state-sponsored and financially motivated hackers despite a fix being available for months.

The software supply chain faced renewed scrutiny as the update mechanism for eScan antivirus was compromised to deliver malicious payloads, disabling the security product on affected endpoints. SolarWinds also urged customers to immediately upgrade its Web Help Desk software to address multiple critical remote code execution vulnerabilities. In a broader defensive action, Google disrupted the Ipidea residential proxy network, a service used by over 550 threat groups to mask their attack origins.

On the policy and compliance front, the European Commission opened a formal investigation into X’s AI tool, Grok, over risks related to the spread of illegal content. France announced a move to phase out non-European videoconferencing tools like Zoom and Microsoft Teams from government use, citing security concerns. Regulatory actions also saw France’s public employment agency, France Travail, fined €5 million for failing to protect job seeker data after a social engineering attack.

Technology providers are rolling out new features and facing new challenges. Microsoft announced that its Entra ID service will soon auto-enable passkey profiles and support synced passkeys, enhancing passwordless authentication. Google, however, faces privacy questions as it integrates Gmail and Photos data into its AI-powered Search results. Anthropic expanded its Claude AI platform with interactive tool support via the Model Context Protocol, allowing deeper integration with external applications.

The intersection of artificial intelligence and security continues to evolve. Microsoft launched Purview Data Security Investigations, an AI-powered tool for conducting internal probes into data breaches and policy violations. However, a new study raises alarms about the data collection practices of popular AI-powered browser extensions like Grammarly and QuillBot. The relentless data demands of AI systems are testing enterprise privacy guardrails, expanding the operational role of privacy teams.

Open-source tools are playing an increasingly vital role in both defense and offense. The CERT Coordination Center released the UEFI Parser to help researchers find firmware vulnerabilities. Sonatype reported that open-source malware in 2025 increasingly targeted developer environments, reflecting a strategic shift in software supply chain attacks. For defenders, tools like Brakeman for Ruby on Rails and OPNsense 26.1 for firewall management provide essential resources.

Endpoint and mobile security saw notable updates. Google enhanced Android’s theft protection features on newer versions, making stolen devices significantly harder to use. Apple introduced a new privacy setting to limit precise location data sharing with cellular carriers. In a concerning campaign, ESET researchers uncovered Android spyware, dubbed GhostChat, being distributed through romance scams in Pakistan.

The human element of cybersecurity remains paramount. A survey by Tines indicates that security teams are taking on more responsibilities and tools, even as AI becomes integrated into workflows. Another study by Sumo Logic suggests security leaders often manage complex environments with less confidence. The Electronic Frontier Foundation launched a campaign pushing major tech companies to fulfill promises on implementing end-to-end encryption across their services.

Finally, the job market reflects these ongoing challenges, with a consistent demand for skilled professionals to navigate the complex and ever-changing threat landscape.

(Source: HelpNet Security)
