Microsoft releases urgent Office patch. Russian-state hackers pounce.

submitted by

arstechnica.com/security/2026/02/russian-state-…

13
160

Log in to comment

Hot Top New Old

Rather impressive how quickly the hackers reverse-engineered Microsoft’s patch and used the vulnerability whilst the opportunity was still available:

The threat group, tracked under names including APT28, Fancy Bear, Sednit, Forest Blizzard, and Sofacy, pounced on the vulnerability, tracked as CVE-2026-21509, less than 48 hours after Microsoft released an urgent, unscheduled security update late last month, the researchers said. After reverse-engineering the patch, group members wrote an advanced exploit that installed one of two never-before-seen backdoor implants.

 reply
25

And this is why quickly applying security updates is important.

 reply
22

Who needs a maintenance window or to test updates? Just roll the dice constantly.

 reply
6

Yeah if your OS is a fucking sieve

 reply
1

no worries copilot has screenshots

 reply
47

That’s so fucking on target

 reply
13

and onedrive has all your documents too in original form

 reply
7

Slopper companies like MS, Google, and Spotify are all having massive vulnerabilities. I wonder why.

 reply
45

It sounds like they’ve gotten fat, rich, and complacent. Just like some societies I know!

 reply
15

Obviously the problem is that office was not written in a safe language. rewrite office in rust!

 reply
5

I genuinely wonder if rust helps guarding against slop coding vulnerabilities, at least statistically.

 reply
5
edited

the compiler stops you from compiling most of incorrect code. unless AI learns to use unsafe blocks liberally, it will still prevent memory corruption bugs and such

 reply
3

Don’t forget Linux.

(XZ not technically Linux)

 reply
2
Insert image