CVE-2026-21509 Articles

APT28 Exploits Microsoft Office Zero-Day in Operation Neusploit Targeting Ukraine

Russia's APT28 weaponized CVE-2026-21509 within three days of Microsoft's disclosure, deploying MiniDoor email stealers and PixyNetLoader against Ukraine, Slovakia, and Romania.

February 3, 2026 APT28 Russia zero-day

CISA Adds Five Vulnerabilities to KEV Catalog Including Microsoft Office Zero-Day

New additions include CVE-2026-21509 actively exploited by APT28, a Linux kernel flaw from 2018, and SmarterMail vulnerabilities. Federal agencies face February 16 remediation deadline.

January 26, 2026 CISA KEV vulnerabilities

Microsoft Patches Actively Exploited Office Zero-Day Used by APT28

CVE-2026-21509 bypasses OLE security mitigations in Microsoft Office. Russia-linked APT28 is exploiting it against targets in Ukraine and the EU. Emergency patches available.

January 26, 2026 Microsoft zero-day vulnerability