lnk vulnerability

Microsoft has quietly closed a years‑old hole in Windows shortcut handling that security researchers say was being steadily abused by nation‑state espionage groups and cybercriminals to hide malicious commands in plain sight. The issue, tracked as CVE‑2025‑9491 (also published earlier as...

Microsoft and multiple security vendors confirm that a long-known Windows shortcut (.lnk) vulnerability tracked as CVE-2025-9491 is being actively weaponized in targeted espionage campaigns — and, as of the latest reports, there is no Microsoft patch available to close the hole. Background...

Microsoft has quietly extended its Copilot footprint into the lightweight Microsoft 365 companion apps that live on the Windows 11 taskbar, embedding contextual AI prompts and one‑click Copilot access into People and Files today — with Calendar integration scheduled to follow — and doing so via...

A long-dormant flaw in Windows is now capturing the attention of cybersecurity experts and government agencies alike, as a Windows zero-day vulnerability—active since 2017—has been weaponized by 11 nation-state actors. The exploit, tracked as ZDI-CAN-25373, manipulates the way Windows handles...