Microsoft has issued three out-of-band updates in January 2026, a rare break from its usual Patch Tuesday schedule due to pressing threats. The most critical is CVE-2026-21509, a Microsoft Office vulnerability being actively exploited. Organisations should accelerate testing and deployment of these patches, prioritising protection of critical systems without skipping validation. Notify end users to minimise workflow disruptions and review Office macro permissions. Firms handling sensitive data or in high-profile sectors must act with urgency, as attackers target delays in patch deployment. These unexpected releases signal an increasingly dynamic threat landscape—remain vigilant with patching and cautious with email, even internal communications.
Related Articles
128: Betterleaks: The Open Source Secrets Scanner Improving Code Security
- News Summariser
- March 15, 2026
- 0
Betterleaks is a new open-source secrets scanner designed to enhance project security by detecting API tokens, credentials, and cryptographic assets before they reach public repositories. […]
128: GrapheneOS and OVHcloud Partnership: Implications for Privacy, Compliance, and European Cloud Hosting
- News Summariser
- November 28, 2025
- 0
GrapheneOS, the privacy-first Android fork, has partnered with OVHcloud, Europe’s cloud provider noted for data sovereignty. This collaboration aims to boost digital privacy and compliance, […]
128: Agentic AI: The New Entrepreneur of Cyber Crime
- News Summariser
- November 20, 2025
- 0
Agentic AI—autonomous, mission-driven artificial intelligence—is rapidly transforming the cyber crime landscape. Cyber criminals are leveraging these tools to automate phishing, conduct reconnaissance, and negotiate ransoms, […]
