Computing

Microsoft patches actively exploited Windows flaw left open by a previous patch

Microsoft has fixed an actively exploited flaw in Windows that arose from an incomplete patch released in the company’s ...

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a ...

Incomplete fix for Fancy Bear exploit opens zero-click hole in Windows

Microsoft's partial patching in February 2026 of a zero-day vulnerability abused by Russian state-sponsored threat group ...

Windows Shell vulnerability is being attacked

In February, Microsoft closed a Windows Shell vulnerability, but incompletely. Attacks have now been discovered. A patch ...
PCQuest

Microsoft warns Windows Shell flaw is being exploited to expose credentials

Microsoft’s Windows Shell flaw CVE-2026-32202 is under attack. See how one shortcut file can expose NTLM credentials and ...
The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
SecurityWeek

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Incomplete patch for a Windows SmartScreen and Windows Shell security prompts bypass created a new bug enabling zero-click ...
Security Boulevard

Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft ...
Computerworld

Windows shortcut files targeted by ransomware gang Global Group

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...
btimesonline

Microsoft Quietly Fixes Windows LNK Zero-Day After Years of Global Exploitation by State Hackers

Microsoft quietly issued a fix for a long-exploited Windows zero-day vulnerability in its November security updates, closing a loophole that experts say enabled state-sponsored hacking groups from ...
CSOonline

Windows shortcuts’ use as a vector for malware may be cut short

A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while Microsoft prefers to tell the whole story. A longstanding problem with the ...