Critical Spreadsheet Formula Vulnerability Enables Remote Code Execution (RCE)
cybersecurityremote_code_executionspreadsheet_vulnerabilitiesMicrosoft_ExcelGoogle_SheetspatchesAI_exploitszero_day_attacksanti_spamExchange_Online
A vulnerability in spreadsheet formulas (Excel, Google Sheets) allows remote code execution (RCE) through malicious expressions, which has been exploited since January 2026. Microsoft and Google have released patches for affected versions (Excel 365 v2401+, Sheets v1.2026.01). The attacks target users opening infected files, impacting data confidentiality and integrity. Additionally, generative AI tools (LLMs) are being used to automate exploit creation, accelerating zero-day attacks. Microsoft has also strengthened its anti-spam filters for Exchange Online, reducing unwanted messages by 40% since January 15, 2026.