Operation Neusploit: APT28 Uses CVE-2026-21509
ID: 0ef85df5-0c7b-5165-9e95-194037dd3f29
STIX ID: report--0ef85df5-0c7b-5165-9e95-194037dd3f29
Feed Name: Zscaler Security Research Blog
**Operation Neusploit** is a multi-stage APT campaign, linked to APT28, that leverages CVE-2026-21509 to deliver two DLL dropper variants. One variant installs an Outlook VBA stealer named MiniDoor that exfiltrates email. The other, PixyNetLoader, deploys a COM-hijacking DLL (EhStoreShell.dll) that extracts steganographic shellcode from a PNG and hosts a .NET Covenant Grunt implant via CLR hosting. The report details the technical TTPs; the persistence mechanisms (registry COM entries, a scheduled task, and macro security downgrading); the IOCs (mutex names, file paths, registry keys, and scheduled task XML); and includes links to the extracted artifacts and analysis code.
