Russia’s APT28 has exploited a recently patched Microsoft Office.

Russian cyber‑espionage group APT28 quickly exploited the newly patched Microsoft Office vulnerability CVE‑2026‑21509, launching attacks just days after Microsoft issued fixes. Researchers from CERT‑UA and Zscaler observed the first malicious files on January 29, showing attackers likely reverse‑engineered the patch to develop the exploit. The campaign used weaponized Office documents to deliver malware including MiniDoor and PixyNetLoader, enabling remote access and data theft. Targeted victims were primarily in Central and Eastern Europe, with social‑engineering lures in multiple local languages.

Read more:

https://www.securityweek.com/russias-apt28-rapidly-weaponizes-newly-patched-office-vulnerability/