By putting conflicting metadata in LNK files, a researcher found four new ways to spoof targets, hide arguments, and run unintended programs in Windows Explorer.

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...

Forensic investigators use LNK shortcut files to recover metadata about recently accessed files, including files deleted after the time of access. In a recent investigation, FireEye Mandiant ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

CRESCENTHARVEST uses protest lures and malicious LNK files to deploy RAT malware targeting Iran protest supporters for espionage and data theft.

An actively exploited security bypass vulnerability in Microsoft Defender SmartScreen is being exploited in a new stealer campaign to download malicious executables on the victim’s system. Tracked as ...

Chinese state-sponsored threat actors have been abusing a Windows zero-day vulnerability to target diplomats across the European continent, security researchers are warning. Security researchers ...

It's not particularly surprising, as that bit of code doesn't actually seem to contain the malware. It's shady as all fuck, but it depends on the existence of the .lnk file to actually do anything. If ...

I'm the sole Mac user in a Windows-based company, and all of our files are stored in a collection of Windows Server shares in a whole bunch of relatively organized directories. We frequently include ...