Incomplete Windows Patch Opens Door to Zero-Click Attacks (opens in new tab)

An incomplete Windows patch has exposed users to a zero-click attack. Akamai discovered that Microsoft’s patch for CVE‑2026‑21510 was incomplete, inadvertently creating a new vulnerability, CVE‑2026‑32202, that allows zero‑click NTLM credential theft. Russia‑linked APT28 exploited the original flaws in attacks against Ukraine and EU countries, using malicious LNK and HTML files to bypass SmartScreen and […] The post Incomplete Windows Patch Opens Door to Zero-Click Attacks appeared first on O...