outlook vulnerability

A new proof of concept (PoC), identified as CVE-2025-21298, has been released for a Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE).

The Russian APT28 hackers launched a cyberattack against the NTLMv2 hash relay attack, targeting high-value sectors such as diplomacy, energy, defense, and transportation across the globe. They exploited vulnerabilities in software including Cisco networking equipment, Microsoft Outlook and WinRAR to gain access and data.