CISA orders immediate patching of Windows zero-day CVE-2026-32202 after active exploitation
A critical Windows zero-day vulnerability is being exploited in the wild, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch without delay. The flaw, tracked as CVE-2026-32202, affects Windows Shell and enables attackers to coerce NTLM authentication and steal password hashes for lateral movement—despite Microsoft’s earlier patch for a…