In an event that surprises absolutely no one anymore, APT28, Russia’s elite group of keyboard warriors, has decided that tweaking Microsoft Office vulnerabilities is apparently more exciting than watching late-night Russian infomercials. Their latest campaign, dubbed ‘Operation Neusploit’—presumably because even espionage needs snappy branding these days—has them exploring the deepest, darkest crevices of Microsoft Office’s security flaws.

On January 29, 2026, the cyber bandits took a break from their usual borscht-tasting parties to exploit CVE-2026-21509, a vulnerability so new that Microsoft probably hasn’t even had the time to acknowledge that, yes, it too, has joined the Hall of Fame of ‘Oops, how did we miss that?’ vulnerabilities. Their targets? The ever-exciting trio of Ukraine, Slovakia, and Romania—countries that continue to be the cyber equivalent of a darts board for these digital troublemakers.

While some might say the move is akin to finding creative ways to make toast, APT28’s commitment to breaking into Microsoft Office just goes to show you: in the world of cyber espionage, there’s no greater fun than hacking into software that the world loves to hate. Stay tuned as we wait for Microsoft to release yet another round of patch updates, possibly addressed in Comic Sans, just to keep things light.