APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

/in

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai.
The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
“Protection mechanism failure in MSHTML Framework allows an unauthorized

The Hacker News – ​Read More

Worried about AI job security? 5 simple ways to pivot at work now (instead of...North Korean APT Targets Air-Gapped Systems in Recent Campaign