All articles by Igor Stepansky

Microsoft Office Zero-Day Actively Exploited – Emergency Patches Released

‘Orca Watch’ Series

Microsoft Office Zero-Day Actively Exploited – Emergency Patches Released

Quick Overview CVE-ID: CVE-2026-21509 CVSS Score: 7.8 (High) Affected Products: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, Microsoft 365...

Jan 28, 2026

GNU InetUtils telnetd Authentication Bypass Grants Instant Root Access

‘Orca Watch’ Series

GNU InetUtils telnetd Authentication Bypass Grants Instant Root Access

A critical vulnerability (CVE-2026-24061, CVSS 9.8) was disclosed on January 20, 2026 affecting GNU InetUtils telnetd versions 1.9.3 through 2.7....

Jan 28, 2026

Part 2: Attackers Love Your GitHub Actions Too

Research

Part 2: Attackers Love Your GitHub Actions Too

In Part 1 of this blog series, we learned about GitHub Actions and their risks—now comes the fun part. It’s...

Nov 13, 2025

Part 1: Attackers Love Your GitHub Actions Too

Research

Part 1: Attackers Love Your GitHub Actions Too

Why do attackers love GitHub Actions, and why should you care? The answer lies in a dangerous combination of widespread...

Nov 12, 2025

1 2