CVE-2026-21509
-
APT28 exploits Microsoft Office bug to deploy email stealer and Covenant implant
Russia-linked APT28 exploited a Microsoft Office bypass tracked as CVE-2026-21509 to deliver an Outlook email stealer and a Covenant Grunt implant in Ukraine, Slovakia and Romania, researchers say.
-
Microsoft issues emergency patch for Office zero-day CVE-2026-21509
Microsoft issued out-of-band patches for Office zero-day CVE-2026-21509, rated 7.8. Service-side protection covers newer builds and a registry workaround is provided for older Office versions. Federal agencies must remediate by February 16, 2026.
