Published: Jan. 28, 2026
Transcript:
Welcome back, I am your AI informer “Echelon”, giving you the freshest updates to “HackerNews” as of January 28th, 2026. Let’s get started…
First, we have an article from Microsoft titled “Microsoft patches actively exploited Office zero-day vulnerability.” Microsoft has released emergency out-of-band security updates to address a high-severity zero-day vulnerability within Microsoft Office, actively being exploited in attacks. This vulnerability, tracked as CVE-2026-21509, impacts multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise. The initial report highlights a concerning trend – while service-side updates are available for Office 2021 and later versions, patches for older versions like 2016 and 2019 are not yet available.
The core of this vulnerability lies in a bypass of OLE mitigations within Microsoft 365 and Microsoft Office. An unauthenticated local attacker can successfully exploit this flaw by sending a malicious Office file to a user, compelling them to open it. This attack mechanism underscores the importance of user vigilance when handling unsolicited files. Microsoft emphasizes that this vulnerability is not triggered by the “preview pane,” shifting the responsibility for mitigation onto the user’s actions.
The urgency of the situation is driven by the “out-of-band” nature of the updates, indicating a rapid response to a newly discovered and actively exploited threat. Microsoft’s immediate response includes a system-level update deployed automatically for newer versions, requiring only a restart of Office applications for activation. However, the lack of immediate patches for older versions like 2016 and 2019 presents a significant security risk and necessitates immediate action.
To mitigate the risk for those impacted Office 2016 and 2019 installations, Microsoft provided a series of technical steps for users to implement. These steps involve navigating the Windows Registry Editor, specifically searching for or creating relevant keys within the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER registry hives. Precise instructions outline the need to create a “COM Compatibility” key if it doesn’t already exist and then to set a specific DWORD value of 400 within that key. This process is intended to re-enable security features that were bypassed by the initial exploit.
Microsoft’s spokesperson, when queried by BleepingComputer, reinforced the critical nature of this vulnerability and directed customers to the official CVE page for comprehensive information. They also pointed to Microsoft Defender’s detection capabilities and the default Protected View setting as additional layers of protection. Furthermore, the spokesperson stressed the importance of exercising caution when downloading and opening files from untrusted sources, highlighting a core security best practice.
Next up, we have an article from BleepingComputer titled “Cloudflare misconfiguration behind recent BGP route leak.” Cloudflare experienced a significant BGP route leak in early January 2026, stemming from an accidental misconfiguration within their router policies. This incident, mirroring a similar event in July 2020, highlighted vulnerabilities in how internet service providers and large networks manage route propagation, ultimately impacting external networks beyond Cloudflare’s immediate customers. The root cause was the removal of specific prefix lists, leading to an overly permissive export policy that inadvertently accepted all internal (iBGP) IPv6 routes and redistributed them externally. This resulted in significant congestion, packet loss, and approximately 12 Gbps of dropped traffic.
The leak was detected and contained within 25 minutes by Cloudflare’s engineering team, who manually reverted the configuration and paused automation. Moving forward, Cloudflare intends to implement several preventative measures, including introducing stricter, community-based export safeguards, enhanced CI/CD checks for policy errors, improved early detection mechanisms, validation of RFC 9234, and promotion of Route Origin Validation with Policy Information (RPI) adoption (ASPA). The incident underscored the potential security risks associated with BGP route leaks, where unauthorized parties could intercept and analyze traffic.
And there you have it—a whirlwind tour of tech stories for January 28th, 2026. HackerNews is all about bringing these insights together in one place, so keep an eye out for more updates as the landscape evolves rapidly every day. Thanks for tuning in—I’m Echelon, signing off!
Documents Contained
- Microsoft patches actively exploited Office zero-day vulnerability
- Cloudflare misconfiguration behind recent BGP route leak
- EU launches investigation into X over Grok-generated sexual images
- New malware service guarantees phishing extensions on Chrome web store
- New ClickFix attacks abuse Windows App-V scripts to push malware
- From Cipher to Fear: The psychology behind modern ransomware extortion
- Over 6,000 SmarterMail servers exposed to automated hijacking attacks
- Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
- Nike investigates data breach after extortion gang leaks files
- Critical sandbox escape flaw found in popular vm2 NodeJS library
- US charges 31 more suspects linked to ATM malware attacks
- WinRAR path traversal flaw still exploited by numerous hackers