The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious ...
A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while Microsoft prefers to tell the whole story. A longstanding problem with the ...
A zero-day vulnerability stemming from how Windows User Interface handles its shortcut (.lnk) files has been exploited by at least 11 nation-state actors in widespread threat campaigns. According to ...
We have reported on the use of LNK files by Emotet, Qbot, and IcedID, in all cases masquerading as a Word document to trick the recipient into opening it. However, these link files can be used to ...
When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...
Suspicious Activity: The obfuscation, especially with creating and executing a file in the %TMP% directory (a common place for malware), suggests this script could be part of a malicious payload. The ...
A newly discovered cyber vulnerability, ZDI-CAN-25373, has been actively exploited by 11 state-sponsored threat groups from North Korea, Iran, Russia and China since 2017. According to the Trend Zero ...
The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface. Microsoft quietly patched a critical Windows ...
I'm the sole Mac user in a Windows-based company, and all of our files are stored in a collection of Windows Server shares in a whole bunch of relatively organized directories. We frequently include ...
Astaroth, a group that uses legitimate Windows tools to spread malware, has retooled after Microsoft drew attention to its living-off-the-land techniques last July. The group in February stepped up ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results