
Microsoft actively exploited vulnerabilities (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 54
2 unique sources, 3 articles

Summary


Microsoft patched CVE-2026-21513, a high-severity MSHTML Framework security feature bypass, in the February 2026 Patch Tuesday release and said the flaw had already been exploited as a zero-day. New reporting from Akamai says the flaw may have been exploited by APT28, using malicious HTML or LNK files to manipulate Windows Shell handling, bypass Mark of the Web (MotW) and Internet Explorer Enhanced Security Configuration (IE ESC), and potentially reach code execution outside the browser sandbox. Akamai tied the observed campaign to wellnesscaremed[.]com and said the vulnerable code path can be triggered through any component that embeds MSHTML.

Related Happenings

Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale

Security Tool/Service
First: 13.05.2026 16:46 Last: 13.05.2026 16:46 Sources 1

About this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....

APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations

Campaign
First: 28.04.2026 08:50 Last: 28.04.2026 08:50 Sources 1

About this happening: A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...

Russia-linked DRILLAPP campaign targeting Ukrainian entities

Campaign
First: 16.03.2026 11:07 Last: 16.03.2026 11:07 Sources 1

About this happening: A **Russia-linked** campaign is targeting **Ukrainian entities** with the **DRILLAPP** browser backdoor, expanding a covert operation that uses **judicial** and **charity-themed l...

APT28 wellnesscaremed[.]com multistage LNK campaign

Campaign
First: 02.03.2026 12:36 Last: 02.03.2026 12:36 Sources 1

How related: The LNK file initiates communication with the domain wellnesscaremed[.]com, which is attributed to APT28 and has been in extensive use for the campaign's multistage payloads.

About this happening: An **APT28**-linked **LNK/HTML delivery chain** is being used for **multistage payloads**, indicating an ongoing phishing-style operation that can broaden exploitation paths. The...

MuddyWater Operation Olalampo campaign targeting MENA organizations and individuals

Campaign
First: 23.02.2026 09:25 Last: 23.02.2026 09:25 Sources 1

About this happening: The **MuddyWater** campaign **Operation Olalampo** is actively targeting organizations and individuals across **MENA**, creating ongoing risk of remote compromise and follow-on in...

Timeline

  1. 11.02.2026 12:22 4 articles · 3mo ago

    Microsoft releases fixes for six actively exploited vulnerabilities

    Initial Disclosure

    Microsoft releases security updates for 59 flaws across its software, including six vulnerabilities that were actively exploited in the wild across Windows Shell, MSHTML Framework, Microsoft Office Word, Desktop Window Manager, Windows Remote Access Connection Manager, and Windows Remote Desktop. CISA adds all six CVEs to the Known Exploited Vulnerabilities (KEV) catalog and requires Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by March 3, 2026.
