Russia-linked APT28 is actively exploiting a newly disclosed Microsoft Office zero-day vulnerability, targeting Ukrainian government agencies and organizations in the EU. The bug allows attackers to deploy malware through weaponized documents, establishing a persistent foothold on affected systems. Despite Microsoft releasing patches, experts warn that cyberattacks using this vulnerability will likely increase.

A Windows vulnerability (CVE-2025-24054) rated as low exploitability by Microsoft was quickly weaponized by attackers within eight days, targeting government and enterprise entities in Poland and Romania. The flaw allows attackers to leak NTLM hashes through phishing tactics, enabling them to impersonate victims with minimal user interaction. Researchers emphasize the urgent need for organizations to apply patches promptly to mitigate risks associated with NTLM vulnerabilities.