NTLM
NTLM Coercion's Quiet Resurgence: Why 2026's Zero-Click Attacks Look Like 2021
Two unrelated bugs in the last month — an incomplete APT28 patch and an unpatched RPC defect — both hand attackers a 1990s-era credential primitive. The fact that NTLM coercion still works in 2026 is not a series of accidents. It is the model.
Windows Shell CVE-2026-32202: Incomplete APT28 Patch Reopens Zero-Click NTLM Coercion
Microsoft confirms in-the-wild exploitation of CVE-2026-32202, a zero-click Windows Shell flaw born from an incomplete patch of an APT28 zero-day. Browsing a folder with a malicious LNK leaks Net-NTLMv2 hashes.