Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

By Dark Reading
Publication Date: 2026-02-03 21:52:00

In the latest illustration of how quickly attackers can exploit newly disclosed flaws, Russia’s notorious APT28 cyber-espionage group has begun abusing a recently patched Microsoft vulnerability to steal emails and deploy malicious payloads against organizations in Central and Eastern Europe.

CVE-2026-21509 is a security feature bypass vulnerability in Microsoft Office for which Microsoft rushed an out-of-cycle patch on Jan. 26 after confirming active zero-day exploitation. The US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its database of known exploited vulnerabilities at the time.

Speedy Exploit

According to Zscaler researchers, APT28 began exploiting the flaw just three days later, on Jan. 29, as part of a campaign they are tracking as Operation Neusploit. The attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to trigger the vulnerability and kick off a multistage infection chain that delivers different malicious payloads,…