Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.

A hole in Microsoft Office is being exploited by bad actors, including Russian hackers targeting Ukraine's government.

Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says ...

APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe.

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

APT28's attacks use specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.

Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, ...

Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already ...

The hosting provider's compromise allowed attackers to deliver malware through tainted software updates for six months.

It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider ...

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

Attackers are already exploiting one of the 57 vulnerabilities for which Microsoft issued a patch this week, and proof-of-concept (PoC) exploits are publicly available for two other vulnerabilities.