Updated
Updated · SecurityWeek · Apr 28
Akamai Reports New Windows Zero-Click Vulnerability CVE-2026-32202 Exploited by APT28
Updated
Updated · SecurityWeek · Apr 28

Akamai Reports New Windows Zero-Click Vulnerability CVE-2026-32202 Exploited by APT28

9 articles · Updated · SecurityWeek · Apr 28
  • Akamai identified that an incomplete patch for CVE-2026-21510 led to CVE-2026-32202, exploited by Russia-linked APT28 in attacks targeting Ukraine and EU countries.
  • The new bug enables zero-click credential theft via malicious LNK files, triggering NTLM authentication to attacker-controlled servers. Microsoft released fixes for CVE-2026-32202 in April 2026 after Akamai's disclosure.
  • APT28 chained multiple Windows vulnerabilities to bypass security features and achieve remote code execution. Microsoft and Akamai warn organizations to update systems, as exploitation was observed in late 2025.
With Russia's top hackers exploiting Windows, who are their next targets?
Are 'incomplete' security patches the new breeding ground for zero-day exploits?
How long until this state-sponsored cyberweapon is used for ransomware attacks?
Can simply viewing a file icon now let hackers steal your passwords?
Why did the US government give agencies only two weeks to fix this flaw?

Related Stories

SecurityWeekApr 28
orca.securityApr 28
linkedinApr 28
socprime.comApr 28
The Hacker NewsApr 28
YouTubeApr 28
XApr 28
InstagramApr 28
xmcyber.comApr 28