Microsoft Office Zero-Day Exploited Days After Emergency Patch, Update ASAP

A hole in Microsoft Office is being exploited by bad actors, including Russian hackers targeting Ukraine's government.
The Hacker News

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe.
The Hacker News

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

Russian hackers exploit recently patched Microsoft Office bug in attacks

Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.
Infosecurity Magazine

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks

Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says ...
GitHub

Metasploit Exploit CVE Coverage

This repository provides a daily, automatically updated JSON dataset detailing which exploits within the Metasploit Framework are associated with specific Common Vulnerabilities and Exposures (CVE) ...
Bleeping Computer

China-linked hackers exploited Sitecore zero-day for initial access

An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and ...
HotHardware

This Copilot Exploit Bypasses Safeguards, Steals Data, Even After Chat Is Closed

As AI gets more heavily integrated into Windows, enhanced cybersecurity is required to prevent it from being used against us. Take Reprompt, for example. Reprompt is a Copilot exploit, that can use ...