Akamai reports that an incomplete patch for a Windows vulnerability (CVE-2026-21510) has led to new zero-click attack capabilities, allowing attackers, notably the Russia-linked APT28 group, to exploit the flaw for remote code execution and credential theft without user interaction. Microsoft has since released fixes for this and related vulnerabilities in its April 2026 patches.
A critical insight for cybersecurity professionals is the discovery of CVE-2026-32202, a zero-click vulnerability resulting from an incomplete patch of a previous Windows SmartScreen and Shell bypass. This flaw allows attackers, notably the Russian-linked APT28, to exploit auto-parsed LNK files to steal credentials without user interaction. For immediate action, review and apply Microsoft's April 2026 patches to mitigate exploitation risks and bolster defenses against zero-day vulnerabilities.