CISA warns of a nasty flaw abusing Excel

US Government’s Cybersecurity and Infrastructure Agency (CISA) has warned of a major bug in an open-source Perl library that reads Excel files known as Spreadsheet::ParseExcel. The vulnerability allows remote code execution, potentially enabling threat actors to run malware. Government agencies must address this flaw by January 23. The bug was first discovered by Barracuda, who noted Chinese hackers exploiting it. Despite Barracuda patching its own systems, the open-source library remains vulnerable.