Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems. While we don't know who is attacking this one, tracked as CVE-2026-32202, we'd suggest betting it all on Putin's goons. The flaw stems from an incomplete fix for an earlier vulnerability found and abused by Russian spies a month before Redmond released a patch. The new bug, CVE-2026-32202 , is an authentication coercion flaw in Windows Shell that can expose sensitive information on vulnerable systems via network spoofing. "An attacker who successfully exploited the vulnerability could view some sensitive information," Redmond warned when it disclosed the CVE on April 14.  On Monday, the Windows giant marked the bug as "exploitation detected." The next day, CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities catalog, and set a May 12 deadline for federal agencies to fix the flaw.…