APT28 Weaponizes Microsoft Office Zero-Day Within 72 Hours, Deploying Steganographic Loaders and Cloud-Based C2 Across Six NATO-Adjacent Countries
Russia's APT28 exploited CVE-2026-21509, a Microsoft Office OLE bypass, within 72 hours of disclosure to hit military targets across six NATO-adjacent countries with steganographic loaders and cloud-based C2.
5 min read4 sources