Microsoft Patches Actively Exploited Office Zero-Day as Ransomware Groups Target Major Supply Chains
Summary
This cybersecurity brief for January 27, 2026, covers multiple critical incidents, led by an emergency out-of-band patch from Microsoft for an actively exploited zero-day (CVE-2026-21509) in Office, prompting a CISA directive. Concurrently, the RansomHub group has claimed a major attack on Apple supplier Luxshare, and the fallout from a previous breach at Under Armour sees 72 million customer records leaked. Other significant events include a critical RCE flaw patched in Zoom, active exploitation of a Fortinet SSO bypass, and the EU's proposal for a revised Cybersecurity Act to counter supply chain threats.
Today's New Articles
Microsoft Scrambles to Patch Actively Exploited Office Zero-Day, CISA Issues Urgent Directive
Microsoft has issued an emergency out-of-band security update for a high-severity zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509. The flaw, a security feature bypass with a CVSS score of 7.8, is being actively exploited in targeted attac...
Cyberattack Cripples Digital Services at Germany's Dresden State Art Collections
Germany's Dresden State Art Collections (SKD), one of Europe's most significant museum networks, has been hit by a cyberattack that caused widespread disruption to its digital infrastructure. The attack knocked out the SKD's online ticketing system, visitor se...
Widespread Phishing Campaign Abuses Microsoft Teams Guest Invites to Target 6,000+ Users
A large-scale phishing campaign is abusing Microsoft Teams' guest invitation feature to target thousands of users with fake billing notices. Researchers at Check Point have observed over 12,000 phishing emails sent to more than 6,100 users, primarily in the ma...
Health-ISAC Report: AI-Enabled Attacks Named Top Threat to Healthcare Sector in 2026
The Health Information Sharing and Analysis Center (Health-ISAC) has released its 2026 Global Health Sector Threat Landscape report, identifying AI-enabled attacks as the number one projected concern for the year. Based on surveys of healthcare executives and...
Article Updates
Everest Ransomware Leaks Data of 72 Million Under Armour Customers After Failed Talks
Update: New developments in the Under Armour data breach, attributed to the Everest ransomware group, include the filing of a class-action lawsuit against the company in the U.S. This legal action highlights the escalating consequences for Under Armour following the e...
Zoom & GitLab Race to Patch Critical Flaws, Including a 9.9 CVSS RCE Bug
Update: The new article provides crucial specifics for CVE-2026-22844, clarifying the vulnerability as a command injection exploitable by an authenticated participant within a meeting, a more precise attack vector than previously stated. Affected versions are identifi...
New 'Osiris' Ransomware Borrows TTPs from Medusa and Inc Gangs, Uses Signed Driver to Kill AV
Update: Further analysis of the Osiris ransomware confirms its continued use of the 'Poortry' malicious kernel driver for defense evasion. New information indicates this driver is deceptively signed and designed to masquerade as a legitimate Malwarebytes component, al...
Warning: Fully Patched FortiGate Firewalls Are Being Compromised via New SSO Bypass
Update: Fortinet has officially confirmed active exploitation of a critical authentication bypass vulnerability affecting its FortiCloud Single Sign-On (SSO) feature on FortiGate firewalls. This vulnerability, explicitly linked to CVE-2025-59718 and CVE-2025-59719, is...