Microsoft releases urgent Office patch. Russian-state hackers pounce.
Summary
Ars Technica reports that Russian-state hackers exploited a Microsoft Office vulnerability (CVE-2026-21509) within 48 hours of an urgent patch, compromising diplomatic, maritime, and transport networks across multiple countries. The campaign used in-memory, fileless techniques and cloud-based C2 with two novel backdoors, illustrating the urgency of rapid patching and layered defense.