Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the ...
CSO Online

Russian hackers exploited a critical Office bug within days of disclosure

Within days of Microsoft patching a critical Office zero-day, the Russia-linked group “APT28” was already exploiting the flaw in a live campaign tracked as Operation Neusploit.
SecurityWeek

Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability

APT28 rushed to exploit the Office vulnerability CVE-2026-21509, with the first attacks observed just days after Microsoft announced fixes.

Russian hackers are targeting a new Office 365 zero-day, so patch now

Ukraine's defenders have spotted a new hacking attack ...
The Register on MSN

Russia-linked APT28 attackers already abusing new Microsoft Office zero-day

Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already ...
Redmondmag.com

Russian Hackers Continue Exploiting Microsoft Office Zero-Day After Emergency Patch

Microsoft issued an out-of-band security update on Jan. 26 to address CVE-2026-21509, a Microsoft Office vulnerability the ...
Dark Reading

Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

APT28's attacks use specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.

Russian hackers exploit recently patched Microsoft Office bug in attacks

Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.