Microsoft "mitigates" Windows LNK flaw exploited as zero-day

Microsoft has silently mitigated a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime ...

State sponsored hackers have been exploiting this LNK vulnerability for years - and it has only just been patched by Microsoft

The LNK vulnerability was used to launch remote code execution in cyber-espionage, data theft, and fraud attacks.
Cybernews

Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware

Microsoft has released a patch for link (LNK) files. However, it does not stop hackers from abusing them to deliver malware.
Business Times

Microsoft Quietly Fixes Windows LNK Zero-Day After Years of Global Exploitation by State Hackers

Microsoft quietly issued a fix for a long-exploited Windows zero-day vulnerability in its November security updates, closing ...

Microsoft issues unannounced patch for zero-day LNK vulnerability used in real-world attacks

Cybersecurity experts warn of a stealthy Microsoft patch addressing a long-exploited Windows LNK zero-day vulnerability, ...
CSO Online

Windows shortcuts’ use as a vector for malware may be cut short

A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while ...

Microsoft Silently Fixes 8-Year Windows Security Flaw

The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through ...
CSOonline

Attackers move away from Office macros to LNK files for malware delivery

Barriers that Microsoft has placed to prevent malicious macros has forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection. For years attackers have used ...