Signal

Ukraine CERT warns of in-the-wild exploitation of patched Microsoft Office CVE-2026-21509

Published 2026-02-02 18:18 UTC
Updated 2026-02-02 21:00 UTC
Tags: cve, exploitation_in_the_wild, microsoft_office, apt, ukraine_cert, russia_linked
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped; counts indicate coverage, not truth.
2 top sources shown
limited source diversity in top sources
Overview

Ukraine’s national cyber defense team is warning that a recently patched Microsoft Office vulnerability is already being exploited in the wild. Reporting ties the activity to Russia-linked attackers and describes targeting focused on Ukrainian government agencies, with additional targeting of organizations across the EU.

Entities: Microsoft
Score total: 1.02
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
  • Ukraine CERT is publicly flagging active exploitation
  • Reports say exploitation began within days of disclosure/patching
  • Multiple outlets are linking the activity to Russia-linked actors
Why it matters
  • Rapid post-patch exploitation compresses defender response time
  • Office exploitation can enable high-impact compromise via common document workflows
  • Reported targeting includes government and cross-EU organizations
LLM analysis
Topic mix: low
Promo risk: low
Source quality: medium
Recurring claims
  • Ukraine’s CERT says Russian hackers are exploiting CVE-2026-21509 in multiple versions of Microsoft Office shortly after it was patched.
  • Ukraine’s CERT warns the Office bug moved from disclosure to active exploitation within days, with Russia-linked APT28 cited as an abusing actor.
  • The reported targeting includes Ukrainian government agencies and organizations across the EU.
How sources frame it
  • BleepingComputer: neutral
  • The Register: neutral
Two-source cluster; both posts attribute rapid exploitation of a newly patched Microsoft Office CVE to Russia-linked actors per Ukraine CERT.
All evidence
Russian hackers exploit recently patched Microsoft Office bug in attacks
bleepingcomputer_all · bleepingcomputer.com · 2026-02-02 21:00 UTC
Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
The Register Security · go.theregister.com · 2026-02-02 18:18 UTC
Top publishers (this list)
  • bleepingcomputer_all (1)
  • The Register Security (1)
Top origin domains (this list)
  • bleepingcomputer.com (1)
  • go.theregister.com (1)