APT28 Burned CVE-2026-21513 Before Microsoft Even Knew It Was Open

Right. So. I spent half of last week writing about APT28's Operation MacroMaze phishing circus and barely had time to finish my fourth coffee before Akamai dropped this particular turd in my inbox. APT28 — Russia's GRU-affiliated gift that keeps on giving — was out here quietly burning a zero-day in the MSHTML Framework, CVE-2026-21513, …

APT28 Operation MacroMaze and how Russia’s Sneakiest Phishing Campaign Just Got Documented

TL;DR APT28's Operation MacroMaze uses macro-laced Office docs and legitimate webhook services to exfiltrate data undetected. Here's how it works and why your defenses are probably missing it. Alright, pull up a chair, because this one is actually clever — which is more than I can say for most of the brain-dead ransomware slop I …