on February 11, 2026 at 12:00 am — New threat actor, UAT-9921, leverages VoidLink framework in campaigns
Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink. The VoidLink compile-on-demand feature lays down the foundations for AI-enabled attack frameworks, which can create tools on-demand for their operators. Cisco Talos found clear indications that implants also exist for
on February 10, 2026 at 8:00 am — CVE-2026-21258 Microsoft Excel Information Disclosure Vulnerability
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
on February 10, 2026 at 8:00 am — CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability
Access of resource using incompatible type (‘type confusion’) in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
on February 10, 2026 at 8:00 am — CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements used in a command (‘command injection’) in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
on February 10, 2026 at 8:00 am — CVE-2026-21517 Windows App for Mac Installer Elevation of Privilege Vulnerability
Improper link resolution before file access (‘link following’) in Windows App for Mac allows an authorized attacker to elevate privileges locally.
on February 10, 2026 at 8:00 am — CVE-2026-21512 Azure DevOps Server Cross-Site Scripting Vulnerability
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
on February 10, 2026 at 8:00 am — CVE-2026-21259 Microsoft Excel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
on February 6, 2026 at 8:00 am — Chromium: CVE-2026-1862 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
on February 6, 2026 at 8:00 am — Chromium: CVE-2026-1862 Type Confusion in V8 Read More »