Office 2016 and Office 2019 End of Life Presents New Vulnerabilities
Microsoft ended support for Office 2016 and Office 2019 on October 14, 2025, leading organizations to confront new cybersecurity risks as bug fixes and security updates cease. Institutions relying on these products must now address unpatched vulnerabilities or risk exposure to cyberattacks. This transition marks an urgent inflection point for IT teams managing legacy software assets.
Unsupported Software as an Attack Vector
With Microsoft no longer releasing updates for Office 2016 and Office 2019, known and newly discovered vulnerabilities remain unaddressed. Attackers often seek out end-of-life software, exploiting unpatched flaws such as remote code execution bugs, privilege escalation, and macro-based malware. Legacy document formats and ActiveX controls are likely avenues for exploitation.
Migration Strategies and Security Recommendations
Organizations are advised to transition to Microsoft 365, which offers regular security patches and advanced threat mitigation tools. The platform’s automated updates and integrated phishing protections significantly reduce the window of exploitation. Security teams must audit networks for obsolete Office installations, facilitate upgrades, and communicate risk awareness to all users.
Operational Impact and Compliance Considerations
Institutions failing to migrate promptly risk compliance violations, as regulatory frameworks increasingly require active software maintenance. Additionally, outdated systems can become systemic weaknesses, undermining business continuity and introducing liabilities in incident response and digital forensics.
Spyware Campaign “Landfall” Targets Samsung Galaxy Devices via Zero-Day Exploits
A sophisticated spyware campaign named “Landfall” has been identified targeting Samsung Galaxy S22–S24 series and Z Flip 4/Z Fold 4 devices, primarily affecting users in North Africa. The cyberattack exploits previously unknown vulnerabilities in Samsung’s image processing libraries, raising concerns about the scale and depth of commercial and state-sponsored surveillance.
Exploit Chain and Technical Details
The attack leverages zero-day flaws enabling remote code execution through the handling of specially crafted DNG (Digital Negative) image files. When victims receive malicious images—often via messaging platforms like WhatsApp—these images trigger an automatic download of a ZIP archive containing the spyware binary. Once executed, the malware establishes persistent control, exfiltrating sensitive data and enabling remote command.
Targets and Attribution
Analysis suggests the operation is aimed at high-value individuals, possibly as part of a broader government-directed surveillance initiative or commercial spy-for-hire activity. The malware’s modular architecture is designed for stealth and extensibility, with capabilities such as keystroke logging, audio recording, and encrypted data transmission.
Mitigation and Response
Samsung released security advisories and patches for affected devices; users are urged to update their firmware and exercise caution when receiving unsolicited media files. Mobile security products should monitor for suspicious ZIP downloads and anomalous network activity, particularly among at-risk demographics.
US and International Agencies Address Bulletproof Hosting Cybercrime Risks
On November 19, a coalition of US and international government agencies published a comprehensive guide aimed at mitigating threats originating from bulletproof hosting providers. This initiative responds to the increasing exploitation of bulletproof services by ransomware operators, phishing campaigns, and large-scale botnets.
Bulletproof Hosting Explained
Bulletproof hosting refers to infrastructure providers who deliberately ignore or circumvent abuse reports, shielding criminal operations from takedown attempts. Such providers host phishing sites, malware distribution campaigns, and C2 infrastructure behind legal or jurisdictional loopholes.
Key Mitigation Strategies
The guide recommends:
- Identifying suspicious IP ranges associated with bulletproof hosts and blacklisting them in network firewalls.
- Implementing automated abuse reporting mechanisms to expedite provider notification.
- Leveraging threat intelligence to correlate hosting histories and apply predictive mitigation to emerging attacks.
- Using domain-based controls such as DNS filtering to block access to known malicious hosted sites.
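The first and last recommendations above can be combined into a single monitoring pass over existing logs. The following Python script is an added example, not code from the guide or from any of the agencies that published it: it checks simplified firewall and DNS resolver log lines against an IP-range blocklist (matched by CIDR) and a domain blocklist (matched on the domain and its subdomains). All IP ranges, domain names and log lines are constructed samples using reserved documentation addresses, not indicators from the guide; the log formats are simplified stand-ins for whatever format a real firewall or resolver emits.

```python
"""Added example (not from the guide or the article): check firewall and DNS
log lines against constructed bulletproof-hosting blocklists.

Assumptions: the IP ranges, domains and log lines below are constructed
samples (RFC 5737 documentation addresses), not real indicators; the log
formats are simplified stand-ins for real firewall/resolver output.
"""
import ipaddress
import re
from typing import Optional

# Constructed sample blocklist of IP ranges (placeholder values, not real IoCs).
BLOCKED_RANGES = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",    # TEST-NET-3, stand-in for a bulletproof-host range
    "198.51.100.64/26",  # TEST-NET-2 subnet, stand-in for a second range
)]

# Constructed domain blocklist; a match covers the domain and all its subdomains.
BLOCKED_DOMAINS = {"bad-host.example", "phish.example"}

# Simplified firewall line: "<ts> <ACTION> <src_ip> -> <dst_ip>:<port>"
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<src>\S+) -> (?P<dst>[^:]+):(?P<port>\d+)$")
# Simplified DNS resolver line: "<ts> query <client_ip> <qname> <qtype>"
DNS_RE = re.compile(
    r"^(?P<ts>\S+) query (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\w+)$")


def ip_in_blocklist(ip_str: str) -> Optional[str]:
    """Return the blocked CIDR containing ip_str, or None (also for non-IP input)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    for net in BLOCKED_RANGES:
        if ip.version == net.version and ip in net:
            return str(net)
    return None


def domain_in_blocklist(qname: str) -> Optional[str]:
    """Return the blocked domain that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name to progressively shorter suffixes: a.b.c -> b.c -> c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def check_line(line: str) -> Optional[dict]:
    """Classify one log line; return a finding dict, or None if clean or unparsed."""
    m = FW_RE.match(line)
    if m:
        hit = ip_in_blocklist(m["dst"])
        if hit:
            return {"kind": "firewall", "ts": m["ts"], "indicator": m["dst"],
                    "matched": hit, "detail": f"dst port {m['port']}"}
        return None
    m = DNS_RE.match(line)
    if m:
        hit = domain_in_blocklist(m["qname"])
        if hit:
            return {"kind": "dns", "ts": m["ts"], "indicator": m["qname"],
                    "matched": hit, "detail": f"client {m['client']}"}
        return None
    return None


def scan(lines):
    """Return the list of findings for an iterable of log lines."""
    return [f for f in (check_line(line) for line in lines) if f]


# Constructed sample log lines (not captured from any real network).
SAMPLE_LOGS = [
    "2025-11-20T08:00:01Z ALLOW 10.0.0.5 -> 203.0.113.77:443",     # in /24
    "2025-11-20T08:00:02Z ALLOW 10.0.0.5 -> 192.0.2.10:443",       # clean
    "2025-11-20T08:00:03Z query 10.0.0.7 cdn.bad-host.example. A",  # subdomain hit
    "2025-11-20T08:00:04Z query 10.0.0.7 www.example.org A",        # clean
    "2025-11-20T08:00:05Z ALLOW 10.0.0.9 -> 198.51.100.130:8080",   # outside /26
    "2025-11-20T08:00:06Z ALLOW 10.0.0.9 -> 198.51.100.100:8080",   # inside /26
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

The CIDR check uses the standard-library `ipaddress` module rather than string prefixes, so a range like 198.51.100.64/26 is matched on its real boundaries (.64 to .127) and not by accident on neighbouring addresses. The domain check walks the label suffixes so that a blocklisted apex also catches hosts under it, which is the behaviour a DNS filter would need; any real deployment would load the two lists from a threat-intelligence feed instead of the constructed constants shown here.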
Broader Policy Recommendations
Agencies encourage international cooperation and legal reforms to curtail the operations of bulletproof hosting companies, involving cross-border law enforcement and multilateral agreements to improve takedown capabilities.