Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. About CVE-2026-32202 CVE-2026-32202 stems from an incomplete patch for CVE-2026-21510, a vulnerability that, in conjunction with CVE-2026-21513, has been exploited by APT28 (aka Fancy Bear) via weaponized LNK files that bypass Windows security features. Microsoft fixed those two flaws in February 2026, successfully preventing the initial remote code execution and SmartScreen … More → The post CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202) appeared first on Hel...