惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
S
Secure Thoughts
月光博客
月光博客
美团技术团队
雷峰网
雷峰网
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Forbes - Security
Forbes - Security
W
WeLiveSecurity
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
爱范儿
爱范儿
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recent Announcements
Recent Announcements
Webroot Blog
Webroot Blog
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
N
News and Events Feed by Topic
罗磊的独立博客
The Register - Security
The Register - Security
Blog — PlanetScale
Blog — PlanetScale
T
Threat Research - Cisco Blogs
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
B
Blog
腾讯CDC
Microsoft Azure Blog
Microsoft Azure Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Engineering at Meta
Engineering at Meta
Latest news
Latest news
IT之家
IT之家
D
DataBreaches.Net
博客园 - 司徒正美
N
Netflix TechBlog - Medium
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

The Register - Security: Patches

Cisco SD-WAN make-me-root bug under attack Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 AI is making Patch Tuesday (kinda) fun again Anthropic to release Mythos-class models to the public Clear your calendar, Drupal user: You have a critically urgent patch to install Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Critical cPanel, WHM flaw probs exploited as 0-day, pros say More Cisco SD-WAN bugs battered in attacks Critical Fortinet sandbox bugs allow auth bypass and RCE Ancient Excel bug comes out of retirement for active attacks Microsoft's massive Patch Tuesday: It's raining bugs Ransomware scum, other crims exploit 4 old Microsoft bugs Attackers exploited the FortiClient EMS bug as a 0-day Citrix NetScaler bug may be multiple flaws in one Ransomware crims abused Cisco 0-day weeks before disclosure Google rushes Chrome update to fix zero-days under attack CISA warns max-severity n8n bug is being exploited in the wild Cisco warns of two more SD-WAN bugs under active attack LexisNexis Legal & Professional confirms data breach Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Patch these 4 critical, make-me-root SolarWinds bugs ASAP Attacker gets into France's DB listing all bank accounts CISA gives feds 3 days to patch actively exploited Dell bug CISA gives feds 3 days to patch actively exploited Dell bug Google fixes exploited Chrome CSS zero-day Critical Microsoft bug from 2024 under exploitation Apple patches decade-old iOS zero-day exploited in the wild Microsoft's Valentine's gift to admins: 6 zero-day fixes Microsoft's Valentine's gift to admins: 6 zero-day fixes Critical SolarWinds Web Help Desk bug under attack Critical React Native Metro dev server bug under attack Critical React Native Metro dev server bug under attack OpenClaw patches one-click RCE as security Whac-A-Mole continues Ivanti's January bad luck continues as 0-days hit customers Critical VMware vCenter Server bug under attack Critical VMware vCenter Server bug under attack FortiGate SSO bug still exploitable despite December patch Ancient telnet bug happily hands out root to attackers Cisco plugs up Unified Comms zero-day under active exploit Cloudflare whacks WAF bypass bug that opened side door Cloudflare whacks WAF bypass bug that opened side door Anthropic quietly fixed flaws in its Git MCP server Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Patch Tuesday update makes Windows PCs refuse to shut down Cisco finally fixes max-severity bug under active attack for weeks Cisco finally fixes max-severity bug under attack for weeks Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm Python libraries in AI/ML models can be poisoned w metadata Python libraries in AI/ML models can be poisoned w metadata Ruh-roh, there's a Cisco ISE bug POC on the loose Ruh-roh, there's a Cisco ISE bug POC on the loose CISA flags exploited Office relic alongside fresh HPE flaw Critical n8n bug allows unauthenticated server takeover Logitech mouse mayhem traced to expired dev certificate 'Heartbleed of MongoDB' under active exploit Microsoft fixes Message Queuing issue in new update Microsoft fixes Message Queuing issue in new update Critical-rated WatchGuard Firebox flaw under active attack HPE OneView RCE bug scores a perfect 10 Apple, Google forced to issue emergency 0-day patches Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Microsoft RasMan 0-day gets an unofficial patch and exploit New React vulns leak secrets, invite DoS attacks Google fixes super-secret 8th Chrome 0-day Microsoft fixes Windows shortcut flaw exploited for years Microsoft fixes Windows shortcut flaw exploited for years Two Android 0-day bugs patched, plus 105 more fixes Fortinet finally cops to critical bug under active exploit Cisco warns of 'new attack variant' battering firewalls Docker Compose vulnerability opens door to host-level writes Microsoft issues out-of-band patch for critical WSUS flaw Vulnerable Rust crate exposes uv Python packager Oracle rushes out another emergency E-Business Suite patch 50K Cisco firewalls remain vulnerable to advanced attacks Exploits using GoAnywhere perfect-10 bug confirmed Critical Cisco firewall holes under active attack SonicWall releases rootkit-busting firmware update SolarWinds patches critical RCE - for the third time Fortra discloses 10/10 severity bug in GoAnywhere MFT OpenAI plugs ShadowLeak bug in ChatGPT Google pushes emergency patch for Chrome 0-day Apple backports patch to older kit after 0-day exploitation
Microsoft patch fell short. New Windows flaw exploited
Jessica Lyons Jessica Lyons · 2026-04-30 · via The Register - Security: Patches

Patches

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Second try's a charm?

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.

While we don't know who is attacking this one, tracked as CVE-2026-32202, we'd suggest betting it all on Putin's goons. The flaw stems from an incomplete fix for an earlier vulnerability found and abused by Russian spies a month before Redmond released a patch.

The new bug, CVE-2026-32202, is an authentication coercion flaw in Windows Shell that can expose sensitive information on vulnerable systems via network spoofing. "An attacker who successfully exploited the vulnerability could view some sensitive information," Redmond warned when it disclosed the CVE on April 14. 

On Monday, the Windows giant marked the bug as "exploitation detected." The next day, CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities catalog, and set a May 12 deadline for federal agencies to fix the flaw.

The Register reached out to Microsoft about the scope of exploitation, who is responsible for the attacks, and what they are doing with the illicit access. We will update this story if we receive any response.

Microsoft credited Akamai senior security researcher Maor Dahan with finding and reporting CVE-2026-32202, and in Dahan's write-up, he says an incomplete patch for CVE-2026-21510 created the newer vuln.

Redmond attempted to patch CVE-2026-21510 in February. It was one of six actively exploited zero-days disclosed during that month's Patch Tuesday, and Akamai detected Russia's APT28 (also known as Fancy Bear) exploiting that security hole in January. 

According to Akamai, citing Ukraine's Computer Emergency Response Team, APT28 exploited CVE-2026-21510 in attacks against Ukraine and European Union countries. 

These attacks began with a phishing email, purporting to be from Ukraine's hydro-meteorological center, that contained a weaponized LNK file to exploit another vulnerability, CVE-2026-21513. By chaining CVE-2026-21513 with CVE-2026-21510, the Russian spies bypassed Microsoft security features including Defender SmartScreen and remotely executed malicious code on victims' computers.

Microsoft fixed both of these CVEs on February's Patch Tuesday.

However, "while Microsoft's fix successfully prevented the initial remote code execution (RCE) and SmartScreen bypass, it left behind a zero-click authentication coercion vulnerability," Dahan wrote, adding that he and his fellow Akamai bug hunters found CVE-2026-32202 while testing the February patches.

"While testing the patch, we noticed something interesting: The victim machine was still authenticating to the attacker's server," he said.

As Dahan explains, the security hole can be abused to send the victim's Net-NTLMv2 hash (authentication data) to the attacker, thus allowing the digital intruder to authenticate as the user, steal sensitive data, and snoop around on the victim's network.

"This gap between path resolution and trust verification left a zero-click credential theft vector via auto-parsed LNK files," he wrote. ®