A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai.
The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
„Protection mechanism failure in MSHTML Framework allows an unauthorized
https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html