Computerworld

Critical Windows vuln. in .LNK files = Stuxnet (and IE IV)

Eeek! All versions of Microsoft Windows have a nasty shortcut-file vulnerability, it has emerged. Simply displaying the icon of a crafty .LNK file will cause malware infection. The Stuxnet worm has ...
Bleeping Computer

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this ...
Bleeping Computer

Malicious Windows 'LNK' attacks made easy with new Quantum builder

Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. LNKs are Windows shortcut files that can ...
CSOonline

New Windows zero-day feared abused in widespread espionage for years

A zero-day vulnerability stemming from how Windows User Interface handles its shortcut (.lnk) files has been exploited by at least 11 nation-state actors in widespread threat campaigns. According to ...
Hosted on MSN

Microsoft isn't fixing 8-year-old shortcut exploit abused for spying

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.
CSOonline

APT exploits Windows zero-day to launch zombie IE attack

Last week’s patched Microsoft file spoofing flaw has been exploited in the wild by APT group Void Banshee by resurrecting Internet Explorer without the user’s knowledge. An APT group has been ...
ZDNet

Microsoft: Raspberry Robin USB worm hits nearly 1,000 organizations in the past month

Microsoft is warning that the relatively new Raspberry Robin USB drive worm has triggered payload alerts on nearly 3,000 devices in almost 1,000 organizations in the past 30 days. Raspberry Robin ...