Ukraine

Russia's APT28 has deployed LAMEHUG and PROMPTSTEAL malware that queries large language models via Hugging Face to dynamically generate attack commands, marking the first confirmed use of AI-powered malware in active cyber operations.

Russia's APT28 weaponized CVE-2026-21509 within three days of Microsoft's disclosure, deploying MiniDoor email stealers and PixyNetLoader against Ukraine, Slovakia, and Romania.