TTPwire Vol. 1 · MITRE ATT&CK·Tagged


The Register Security

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Jessica Lyons · 6 days ago

ATT&CK techniques detected

7 predictions
T1190 Exploit Public-Facing Application
99%
“Windows giant marked the bug as "exploitation detected." The next day, CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities catalog, and set a May 12 deadline for federal agencies to fix the flaw. The Register reached out to Microsoft about the scope of exploita…”
T1190 Exploit Public-Facing Application
57%
“APT28 exploited CVE-2026-21510 in attacks against Ukraine and European Union countries. These attacks began with a phishing email, purporting to be from Ukraine's hydro-meteorological center, that contained a weaponized LNK file to exploit another vulnerability, CVE-202…”
T1190 Exploit Public-Facing Application
56%
“Dahan wrote, adding that he and his fellow Akamai bug hunters found CVE-2026-32202 while testing the February patches. "While testing the patch, we noticed something interesting: the victim machine was still authenticating to the attacker's server," he said. As Dahan exp…”
T1550.002 Pass the Hash
49%
“Dahan wrote, adding that he and his fellow Akamai bug hunters found CVE-2026-32202 while testing the February patches. "While testing the patch, we noticed something interesting: the victim machine was still authenticating to the attacker's server," he said. As Dahan exp…”
T1187 Forced Authentication
48%
“Dahan wrote, adding that he and his fellow Akamai bug hunters found CVE-2026-32202 while testing the February patches. "While testing the patch, we noticed something interesting: the victim machine was still authenticating to the attacker's server," he said. As Dahan exp…”
T1587.004 Exploits
45%
“APT28 exploited CVE-2026-21510 in attacks against Ukraine and European Union countries. These attacks began with a phishing email, purporting to be from Ukraine's hydro-meteorological center, that contained a weaponized LNK file to exploit another vulnerability, CVE-202…”
T1078.001 Default Accounts
31%
“Dahan wrote, adding that he and his fellow Akamai bug hunters found CVE-2026-32202 while testing the February patches. "While testing the patch, we noticed something interesting: the victim machine was still authenticating to the attacker's server," he said. As Dahan exp…”

Summary

Second try's a charm?

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.…