Incomplete Windows Patch Opens Door to Zero-Click Attacks
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.
An incomplete patch for a Windows SmartScreen and Windows Shell security prompt bypass created a new bug enabling zero-click attacks, Akamai reports.
The initial vulnerability, tracked as CVE-2026-21510 and patched in February, could be exploited for remote code execution (RCE) if the attacker could convince the victim to open a malicious shortcut file.
Microsoft warned at the time that the flaw had been exploited as a zero-day, without providing details on the observed attacks.
Source: https://www.securityweek.com/incomplete-windows-patch-opens-door-to-zero-click-attacks/
Related breach coverage
- Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months (2026-04-30)
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers.
- CISA orders feds to patch Windows flaw exploited as zero-day (2026-04-29)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. [...]
- Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure (2026-04-29)
The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it.
- No Patch for New PhantomRPC Privilege Escalation Technique in Windows (2026-04-28)
A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System.
