Blog Security Research A Shortcut to Coercion: Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202 Maor Dahan is a Senior Security Researcher at Akamai with more than a decade of experience in the cybersecurity industry. He specializes in operating system internals, vulnerability research, and malware analysis. Maor also has extensive experience designing and developing advanced detection and prevention mechanisms for innovative security products such as EDR, EPP, and virtualization-based security. Executive summary Akamai researchers identified that an incomplete patch for CVE-2026-21510 (an APT28 exploit) created a new zero-click vulnerability: CVE-2026-32202 .  While Microsoft's fix successfully prevented the initial remote code execution (RCE) and SmartScreen bypass, it left behind a zero-click authentication coercion vulnerability (which is now classified as CVE-2026-32202).…