Back

Critical Zero-Click Vulnerability in Windows Shell Exploited by APT28

Severity: Critical (Score: 83.8)

Sources: Thehackernews, Cybersecuritynews

Summary

A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, has been discovered in Windows Shell. This vulnerability arises from an incomplete patch and is actively exploited by the Russian APT28 threat group. Microsoft confirmed the flaw's exploitation and released a fix on April 14, 2026, as part of its Patch Tuesday update. The vulnerability allows attackers to bypass authentication without user interaction, posing a significant risk to affected systems. Organizations using Windows are urged to apply the patch immediately to mitigate potential attacks. CERT-UA has reported that APT28 is utilizing this vulnerability in ongoing operations. The scope of impact includes various Windows environments, potentially affecting millions of users globally. Security professionals are advised to monitor for signs of exploitation and ensure their systems are updated. Key Points: • CVE-2026-32202 is a critical zero-click vulnerability exploited by APT28. • Microsoft released a patch for the vulnerability on April 14, 2026. • Organizations using Windows are at risk and should apply the patch immediately.

Key Entities

  • Apt28 (apt_group)
  • Zero-day Exploit (attack_type)
  • Microsoft (company)
  • CVE-2026-32202 (cve)
  • Windows (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed