Russian hackers exploit recently patched Microsoft Office bug in attacks

Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.

Microsoft Office Zero-Day Exploited Days After Emergency Patch, Update ASAP

A hole in Microsoft Office is being exploited by bad actors, including Russian hackers targeting Ukraine's government.
Infosecurity Magazine

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks

Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says ...
Dark Reading

Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

APT28's attacks use specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
The Hacker News

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe.
The Register on MSN

Russia-linked APT28 attackers already abusing new Microsoft Office zero-day

Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already ...

The Notepad++ website was hijacked by 'malicious actors' last year and security researchers ...

It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider ...
CSO Online

Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

The hosting provider's compromise allowed attackers to deliver malware through tainted software updates for six months.