The 72-Hour War: How Russian Hackers Weaponized Microsoft Office—And Why Every CISO Should Be Terrified
APT28 exploited CVE-2026-21509 within three days of patch disclosure. This isn’t a bug report. It’s a systemic market failure. THE TIMELINE THAT SHOULD SHAKE YOU January 26, 2026. Microsoft releases an out-of-band patch for CVE-2026-21509—a security feature bypass vulnerability in the world’s most ubiquitous productivity suite. January 29, 2026. Malicious documents exploiting that exact flaw […]