You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
lnk vulnerability
About this tag
The lnk vulnerability tag covers a critical Windows shortcut file flaw, tracked as CVE-2025-9491 and ZDI-CAN-25373, that allows attackers to hide malicious commands in .lnk files by padding them with whitespace or non-printing characters. This UI misrepresentation bug lets crafted shortcuts display a benign Target field while executing hidden code, and it has been actively exploited by nation-state espionage groups and cybercriminals. Discussions include the lack of an official patch, the vulnerability's use in targeted campaigns, and Microsoft's classification of it as a UI flaw rather than a critical security issue. The tag also touches on related Windows security topics such as zero-day exploits and shortcut abuse.
Microsoft has quietly closed a years‑old hole in Windows shortcut handling that security researchers say was being steadily abused by nation‑state espionage groups and cybercriminals to hide malicious commands in plain sight. The issue, tracked as CVE‑2025‑9491 (also published earlier as...
Microsoft and multiple security vendors confirm that a long-known Windows shortcut (.lnk) vulnerability tracked as CVE-2025-9491 is being actively weaponized in targeted espionage campaigns — and, as of the latest reports, there is no Microsoft patch available to close the hole. Background...
Microsoft has quietly extended its Copilot footprint into the lightweight Microsoft 365 companion apps that live on the Windows 11 taskbar, embedding contextual AI prompts and one‑click Copilot access into People and Files today — with Calendar integration scheduled to follow — and doing so via...
A long-dormant flaw in Windows is now capturing the attention of cybersecurity experts and government agencies alike, as a Windows zero-day vulnerability—active since 2017—has been weaponized by 11 nation-state actors. The exploit, tracked as ZDI-CAN-25373, manipulates the way Windows handles...