Windows Shell Vulnerability CVE-2026-32202 Moves From Patch Note to Active Threat

A Windows Shell vulnerability (CVE-2026-32202) is being actively exploited, allowing attackers to extract sensitive authentication data by manipulating network interactions. This vulnerability originated from an incomplete fix for a previous issue (CVE-2026-21510). Attackers create malicious LNK files that trigger a sequence of events, including an NTLM authentication handshake, allowing them to harvest credentials. This attack is stealthy and has no obvious warning signs. Users should be cautious when interacting with unknown files.