Russia-linked APT28 is actively exploiting a newly disclosed Microsoft Office zero-day vulnerability, targeting Ukrainian government agencies and organizations in the EU. The bug allows attackers to deploy malware through weaponized documents, establishing a persistent foothold on affected systems. Despite Microsoft releasing patches, experts warn that cyberattacks using this vulnerability will likely increase.

APT28, a Russian state-sponsored hacking group, has been using Signal chats to target Ukrainian government entities with new malware families, BeardShell and SlimAgent. These attacks involve phishing tactics to deliver malicious documents that exploit Windows vulnerabilities, allowing for data exfiltration and unauthorized access to sensitive information. CERT-UA has identified these activities, emphasizing the need for vigilance against threats linked to Signal's usage.