Russian state-sponsored hacking groups Turla and Gamaredon—both linked to the FSB—collaborated in a targeted cyber operation against Ukrainian government and defense systems. Gamaredon, known for high-volume spearphishing and removable drive infections, provided initial access by compromising machines with custom malware (e.g., PteroLNK, PteroStew). Turla then leveraged this access to deploy its Kazuar v3 backdoor, a sophisticated espionage tool, focusing on select high-value targets likely containing sensitive intelligence. In one instance, Turla remotely restarted its malware via Gamaredon’s infrastructure, demonstrating deep infiltration. The attack’s scope suggests strategic espionage, potentially compromising classified defense, diplomatic, or government communications. While the exact data exfiltrated remains undisclosed, the collaboration between two elite APT groups signals a coordinated effort to undermine Ukraine’s national security, with possible long-term repercussions for military operations, intelligence networks, or geopolitical stability. The use of FSB-aligned actors with Cold War-era ties underscores the attack’s state-level orchestration and intent to disrupt critical services or gather intelligence for strategic advantage.

Microsoft Releases Emergency Patch for Actively Exploited Office Zero-Day Microsoft has issued out-of-band security updates to address a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office, which is being actively exploited in attacks. The flaw, classified as a security feature bypass, affects multiple versions, including Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise. While patches are available for most affected versions, updates for Office 2016 and 2019 remain pending, with Microsoft promising their release as soon as possible. The vulnerability can be exploited by local attackers through low-complexity attacks requiring user interaction specifically, tricking a victim into opening a malicious Office file. The preview pane is not a viable attack vector. The flaw bypasses OLE mitigations in Microsoft 365 and Office, which are designed to protect users from vulnerable COM/OLE controls. For unpatched systems, Microsoft has provided temporary mitigation steps involving registry edits to reduce exploitation risks. These measures include creating or modifying specific registry keys to enforce compatibility flags. Microsoft has not disclosed details on the vulnerability’s discovery or its exploitation methods. The emergency update follows January 2026’s Patch Tuesday, which addressed 114 flaws, including another actively exploited zero-day in the Desktop Window Manager. Recent weeks have also seen additional out-of-band updates to resolve issues in Windows and Outlook caused by earlier patches.