Russia-linked APT28 is actively exploiting a newly disclosed Microsoft Office zero-day vulnerability, targeting Ukrainian government agencies and organizations in the EU. The bug allows attackers to deploy malware through weaponized documents, establishing a persistent foothold on affected systems. Despite Microsoft releasing patches, experts warn that cyberattacks using this vulnerability will likely increase.

Ukrainian Defense Forces were attacked by a charity-themed malware campaign delivering backdoor malware called PluggyApe, likely linked to the Russian threat groups Void Blizzard and Laundry Bear. The campaign used deceptive messages to lure victims into downloading malicious files disguised as documents. CERT-UA warns that mobile devices are increasingly targeted due to their weaker security.

A new wiper malware, dubbed "PathWiper," has been used in a destructive cyberattack against critical infrastructure in Ukraine. Conducted through a legitimate endpoint administration framework, the attack showcases a sophisticated understanding of the victim's environment by the attackers, likely associated with Russian nation-state actors.