DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...
Russian CTRL toolkit spread via malicious LNK files in February 2026, routing C2 through FRP-tunneled RDP to evade detection.
Shortcuts (LNK files) in Windows are indicated by curved arrows. We often treat them as background noise and don't consider what they actually do beyond opening apps. In fact, there is a huge gap ...
The multi-stage campaign targeting South Korea uses weaponized Windows shortcuts and GitHub-based command and control to ...
Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.… The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to ...
Earlier variants used simple obfuscation to hide GitHub addresses and access tokens, while later samples shifted to decoding routines inside the shortcut arguments, suggesting the operators have ...
A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses ...
When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...
A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while Microsoft prefers to tell the whole story. A longstanding problem with the ...
GitHub has been drawn into another cyber threat case after researchers uncovered a multi-stage malware campaign using ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results