Four new reasons why Windows LNK files cannot be trusted

By putting conflicting metadata in LNK files, a researcher found four new ways to spoof targets, hide arguments, and run unintended programs in Windows Explorer.

Microsoft: New Windows LNK spoofing issues aren't vulnerabilities

Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK ...

Windows shortcut files targeted by ransomware gang Global Group

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in ...
The Hacker News

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

CRESCENTHARVEST uses protest lures and malicious LNK files to deploy RAT malware targeting Iran protest supporters for ...
CSO Online

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

Researchers revealed a Phorpiex-distributed phishing campaign using malicious LNK files to deploy Global Group ransomware ...

Microsoft Triple Warning — 3 Windows Security Bypass Threats Confirmed

Now Microsoft has confirmed three zero-day Windows security bypass vulnerabilities, users are warned to get their update groove on ASAP.
The Hacker News

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...

Microsoft patches concerning Windows 11 Notepad security flaw

High-severity flaw fixed in Windows 11 Notepad ...

Microsoft's Valentine's gift to admins: 6 exploited zero-day fixes

Roses are red, violets are blue ... now get patching What better way to say I love you than with an update? Attackers exploited a whopping six Microsoft bugs as zero-days prior to Redmond releasing ...
Bleeping Computer

WinRAR path traversal flaw still exploited by numerous hackers

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious ...