{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/data-confidentiality/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*","cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*","cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*","cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*","cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*","cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*","cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-44803"},{"cvss":7,"id":"CVE-2026-44818"},{"cvss":7.8,"id":"CVE-2026-44819"},{"cvss":7.8,"id":"CVE-2026-45469"},{"cvss":7.8,"id":"CVE-2026-45475"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Microsoft 365 Apps pour Enterprise pour systèmes 32 bits","Microsoft 365 Apps pour Enterprise pour systèmes 64 bits","Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5556.1001","Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5556.1001","Microsoft Excel pour Android","Microsoft Office 2016 (édition 32 bits) versions antérieures à 
16.0.5556.1005","Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5556.1005","Microsoft Office 2019 pour éditions 32 bits","Microsoft Office 2019 pour éditions 64 bits","Microsoft Office 365 pour Mac","Microsoft Office LTSC 2021 pour éditions 32 bits","Microsoft Office LTSC 2021 pour éditions 64 bits","Microsoft Office LTSC 2024 pour éditions 32 bits","Microsoft Office LTSC 2024 pour éditions 64 bits","Microsoft Office LTSC pour Mac 2021","Microsoft Office LTSC pour Mac 2024","Microsoft Office pour Android","Microsoft PowerPoint pour Android","Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5556.1000","Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5556.1000","Microsoft Word pour Android","Office Online Server versions antérieures à 16.0.10417.20137"],"_cs_severities":["high"],"_cs_tags":["vulnerability","microsoft-office","remote-code-execution","privilege-escalation","data-confidentiality","windows","macos","android"],"_cs_type":"threat","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCERT-FR has released an advisory detailing 31 critical and high-severity vulnerabilities affecting numerous Microsoft Office products. These vulnerabilities, identified by CVEs such as CVE-2026-44803 (the first listed) and CVE-2026-47635 (the last listed), were disclosed by Microsoft on June 9, 2026. The flaws impact a wide range of Office applications, including Microsoft 365 Apps, various versions of Excel, Word, PowerPoint, and Office Online Server, across Windows, macOS, and Android platforms. Successful exploitation of these vulnerabilities could lead to arbitrary remote code execution, elevation of privileges on affected systems, and unauthorized access to sensitive data, posing a significant risk to organizational assets. 
While no specific threat actors or active exploitation campaigns are detailed in the advisory, these types of vulnerabilities are frequently targeted by advanced persistent threats and opportunistic attackers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access\u003c/strong\u003e: A user receives and opens a specially crafted Microsoft Office document (e.g., Word, Excel, or PowerPoint file) delivered via a phishing email, malicious download, or other social engineering methods.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploitation\u003c/strong\u003e: The malicious document leverages one of the disclosed vulnerabilities (e.g., CVE-2026-44803) within the vulnerable Microsoft Office application upon opening or specific user interaction.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRemote Code Execution\u003c/strong\u003e: Successful exploitation results in remote code execution (RCE) within the context of the compromised Office application process, allowing the attacker to execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePayload Delivery\u003c/strong\u003e: The executed code downloads and executes additional malicious payloads (e.g., malware droppers, backdoors, or command-and-control agents) from an external attacker-controlled server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation\u003c/strong\u003e: The attacker may then exploit another vulnerability (e.g., CVE-2026-44812) or leverage a misconfiguration to escalate privileges, gaining higher system access on the compromised host.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eObjective Achievement\u003c/strong\u003e: With elevated privileges and persistent access, the attacker can proceed with their objectives, which may include lateral movement across the network, exfiltration of sensitive data, further system compromise, or deployment of additional malicious 
software.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of these vulnerabilities could have severe consequences for affected organizations. Attackers could gain complete control over compromised systems, leading to extensive data breaches, operational disruption, and the deployment of ransomware or other destructive malware. While the advisory does not specify the number of victims or targeted sectors, the broad impact across common Microsoft Office products means that organizations of all sizes and industries are potentially at risk. The combination of remote code execution, privilege escalation, and data confidentiality compromise could lead to significant financial losses, reputational damage, and regulatory penalties.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-44803, CVE-2026-44812, CVE-2026-44817, CVE-2026-44818, CVE-2026-44819, CVE-2026-44820, CVE-2026-44821, CVE-2026-44822, CVE-2026-44823, CVE-2026-44824, CVE-2026-45455, CVE-2026-45456, CVE-2026-45457, CVE-2026-45458, CVE-2026-45459, CVE-2026-45460, CVE-2026-45461, CVE-2026-45463, CVE-2026-45466, CVE-2026-45469, CVE-2026-45471, CVE-2026-45472, CVE-2026-45474, CVE-2026-45475, CVE-2026-45485, CVE-2026-45486, CVE-2026-45643, CVE-2026-45645, CVE-2026-45649, CVE-2026-47293, and CVE-2026-47635 by applying the latest security updates from Microsoft for all affected Office products and versions immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026quot;Detect Suspicious Child Process by Microsoft Office Application\u0026quot; Sigma rule to detect post-exploitation activity from Office applications.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026quot;Detect Outbound Network Connection from Microsoft Office Application\u0026quot; Sigma rule to monitor for unusual C2 communications.\u003c/li\u003e\n\u003cli\u003eEnsure Sysmon process creation (Event ID 
1), network connection (Event ID 3), and file creation (Event ID 11) logging is enabled on all Windows endpoints to generate the necessary telemetry for the detection rules in this brief.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-14T09:15:49Z","date_published":"2026-06-14T09:15:49Z","id":"https://feed.craftedsignal.io/briefs/2026-06-microsoft-office-vulnerabilities/","summary":"CERT-FR has disclosed 31 vulnerabilities in various Microsoft Office products, including CVE-2026-44803 and CVE-2026-47635, which could allow remote code execution, privilege escalation, and data confidentiality compromise.","title":"Multiple Vulnerabilities in Microsoft Office Products (June 2026)","url":"https://feed.craftedsignal.io/briefs/2026-06-microsoft-office-vulnerabilities/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-8045"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["EcoStruxure IT Data Center Expert (\u003c 9.1.2)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","scada","ics","data-confidentiality","information-disclosure"],"_cs_type":"advisory","_cs_vendors":["Schneider Electric"],"content_html":"\u003cp\u003eCERT-FR has issued an advisory regarding a significant vulnerability, CVE-2026-8045, discovered in Schneider Electric EcoStruxure IT Data Center Expert products. This flaw affects all versions prior to 9.1.2 and enables an attacker to compromise the confidentiality of data stored or processed by the system. EcoStruxure IT Data Center Expert is critical management software for data center infrastructure, meaning a breach could expose sensitive operational data, configurations, or even credentials. 
The vulnerability's exact technical details are not publicly disclosed, but its impact on data confidentiality necessitates immediate patching to mitigate the risk of unauthorized information access and potential exfiltration by malicious actors.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Schneider Electric EcoStruxure IT Data Center Expert instance accessible via the network, potentially through passive reconnaissance.\u003c/li\u003e\n\u003cli\u003eThe attacker determines the target system is running a vulnerable version prior to 9.1.2.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages CVE-2026-8045 by sending specially crafted network requests or inputs to the EcoStruxure IT DCE service.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation of the vulnerability bypasses existing access controls or triggers an information disclosure flaw.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to internal files, databases, or configuration parameters containing sensitive information on the EcoStruxure IT DCE server.\u003c/li\u003e\n\u003cli\u003eThe attacker enumerates and discovers confidential data, which may include operational settings, device credentials, or network topology information.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts or views the identified sensitive data, leading to a breach of data confidentiality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-8045 directly results in a data confidentiality breach. For organizations utilizing EcoStruxure IT Data Center Expert, this means an attacker could gain unauthorized access to critical data center information, such as device configurations, passwords, operational metrics, and potentially sensitive customer data. 
Such exposure could lead to further network compromise, intellectual property theft, regulatory fines, reputational damage, and operational disruption. The advisory does not specify observed victim numbers or targeted sectors, but any organization using affected versions is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update Schneider Electric EcoStruxure IT Data Center Expert installations to version 9.1.2 or higher as recommended in the Schneider Electric bulletin (SEVD-2026-160-01).\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from EcoStruxure IT Data Center Expert systems for unusual outbound traffic patterns, especially large data transfers, using rules like \u0026quot;Detect Large Outbound Network Connections from EcoStruxure IT DCE\u0026quot;.\u003c/li\u003e\n\u003cli\u003eImplement robust network segmentation to restrict direct exposure of EcoStruxure IT Data Center Expert instances, reducing the attack surface for CVE-2026-8045.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-14T09:08:06Z","date_published":"2026-06-14T09:08:06Z","id":"https://feed.craftedsignal.io/briefs/2026-06-schneider-ecostruxure-data-confidentiality/","summary":"A critical vulnerability, CVE-2026-8045, has been identified in Schneider Electric EcoStruxure IT Data Center Expert versions prior to 9.1.2, allowing an attacker to achieve unauthorized access to sensitive data and compromise its confidentiality.","title":"Vulnerability in Schneider Electric EcoStruxure IT Data Center Expert Leads to Data Confidentiality Compromise (CVE-2026-8045)","url":"https://feed.craftedsignal.io/briefs/2026-06-schneider-ecostruxure-data-confidentiality/"}],"language":"en","title":"CraftedSignal Threat Feed - Data-Confidentiality","version":"https://jsonfeed.org/version/1.1"}