New Windows zero-click vulnerability exploited following incomplete patch for APT28 bugs
Published 2026-04-29 08:46 UTC · Updated 2026-04-29 19:15 UTC
cve, exploits, threat_actors, security_advisories, incident_response
Overview
Microsoft and CISA have warned of active exploitation of a new zero-click Windows Shell vulnerability, CVE-2026-32202, which emerged from an incomplete fix for earlier APT28-exploited bugs.
Entities
Microsoft, ConnectWise
Score total: 1.4
Momentum 24h: 4
Posts: 4
Origins: 4
Source types: 1
Duplicate ratio: 0%
Why now
- The flaw emerged due to an incomplete patch released in February 2026.
- Active exploitation has been confirmed by CISA and Microsoft warnings.
- Inclusion in the KEV catalog emphasizes the immediate need for awareness and remediation.
Why it matters
- The vulnerability allows zero-click exploitation, increasing risk without user interaction.
- APT28-linked exploits highlight ongoing nation-state threats to Windows systems.
- CISA's KEV listing signals urgency for organizations to patch and mitigate risks.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- CVE-2026-32202 is a zero-click Windows Shell vulnerability actively exploited by attackers.
- CVE-2026-32202 stems from an incomplete patch for earlier APT28-exploited bugs CVE-2026-21510 and CVE-2026-21513.
- CISA has added actively exploited Windows vulnerabilities including CVE-2026-32202 to its Known Exploited Vulnerabilities catalog.
How sources frame it
- CISA And Microsoft: neutral
All evidence
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
theregister_security · go.theregister.com · 2026-04-29 19:15 UTC
New Windows flaw stems from incomplete fix for APT28-exploited bugs
SC Media · scworld.com · 2026-04-29 16:11 UTC
CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
Help Net Security · helpnetsecurity.com · 2026-04-29 10:20 UTC
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
The Hacker News · thehackernews.com · 2026-04-29 08:46 UTC
Top publishers (this list)
- theregister_security (1)
- SC Media (1)
- Help Net Security (1)
- The Hacker News (1)
Top origin domains (this list)
- go.theregister.com (1)
- scworld.com (1)
- helpnetsecurity.com (1)
- thehackernews.com (1)