
17-Year-Old Microsoft Excel Vulnerability Actively Exploited; Context.ai Exposes API Keys; NSA Continues Using Mythos Framework
A 17-year-old vulnerability in Microsoft Excel, tracked as CVE-2026-23456, remains actively exploited in targeted attacks, allowing arbitrary code execution via maliciously crafted spreadsheet files. The flaw affects all Excel versions from 2007 to 2026 and was disclosed by security firm Check Point Research on April 20, 2026. Context.ai inadvertently exposed Vercel API keys and internal credentials in a public GitHub repository, leading to unauthorized access to cloud infrastructure before the leak was remediated on April 19. The NSA confirmed it continues to use the Mythos cybersecurity framework despite its ban under Executive Order 14028, citing "mission-critical" dependencies, though no specific operational details were disclosed. No additional CVEs or patch release dates were provided for the Excel or Mythos-related issues.