Search results for CVE
Games & Commerce
18-year-old Excel bug still used in attacks, warning for legacy Office users
A Microsoft Excel security flaw first reported 18 years ago is still being exploited in real-world attacks, highlighting risks for organisations running unsupported software. The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2009-0238 to its catalogue of known exploited vulnerabilities and told U.S. federal civilian agencies to complete mitigation by April 28. The bug affects older Excel and Office components, while newer Excel versions are not affected.
AI & Enterprise
Tech Insight: Why software supply chains are being breached quickly amid the spread of AI coding
A widely used software package, Axios, was compromised after attackers took over a maintainer account, added a new dependency and shipped an update. The added package installed a tailored remote-access trojan and erased traces, while many security tools failed to flag it. Andreessen Horowitz partners said the case shows software supply-chain risk rising as AI coding spreads. They cited research finding that AI agents more often pick vulnerable versions and enable new attacks such as slopsquatting, while detection across the industry remains slow.
AI & Enterprise
VMware Aria Operations flaw exploited in real-world attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a vulnerability in VMware Aria Operations has been exploited in real-world attacks. The flaw, tracked as CVE-2026-22719, is a high-risk command-injection issue affecting versions before 8.18.6. Broadcom warned it could allow unauthenticated attackers to run arbitrary commands and potentially lead to remote code execution during product support migration.