Microsoft Office Articles

APT28 Exploits Microsoft Office Zero-Day in Operation Neusploit Targeting Ukraine

Russia's APT28 weaponized CVE-2026-21509 within three days of Microsoft's disclosure, deploying MiniDoor email stealers and PixyNetLoader against Ukraine, Slovakia, and Romania.

February 3, 2026 APT28 Russia zero-day

CISA Adds Five Vulnerabilities to KEV Catalog Including Microsoft Office Zero-Day

New additions include CVE-2026-21509 actively exploited by APT28, a Linux kernel flaw from 2018, and SmarterMail vulnerabilities. Federal agencies face February 16 remediation deadline.

January 26, 2026 CISA KEV vulnerabilities