Security News

Cybersecurity news aggregator

HIGH Attacks Web Discovery

CVE-2025-9491 - CVE Details & Analysis | SOCRadar Labs CVE Radar

  • What: A new wave of attacks is exploiting a vulnerability in how Windows handles .lnk files.
  • Impact: Threat actors are using this weakness to deploy ransomware.

  • Tags: In The Wild
  • Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Publication date: 2025-08-26
  • Last modified: 2025-12-05
  • IOCs: No IOCs found for this CVE
  • Software link: Amperclock/CVE-2025-9491_POC, https://github.com/Amperclock/CVE-2025-9491_POC (2025-11-07)

Windows shortcut files targeted by ransomware gang Global Group - Computerworld

A new wave of attacks is exploiting a weakness in the way Windows handles .lnk files. Credit: pancha.me – shutterstock.com

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees into clicking on an attachment in an email with the subject line

Global Group ransomware gang running new campaign using Windows shortcut files - Computerworld

Exploiting .lnk files is a strategy that has been used for years and still works, says new report from Forcepoint.

Record-breaking DDoS attack, React bug puts servers at risk, RansomHouse attack - LinkedIn

CISO Series. Published Dec 4, 2025.

In today’s cybersecurity news… Record-breaking DDoS attack: Aisuru just broke the DDoS record again, firing off a massive 29.7-terabit-per-second attack that Cloudflare had to absorb. This botnet is basically a rentable army of up

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation - The Hacker News

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote code execution. "The specific flaw exists within the handling of .LNK files," according to a description in the NIST National

Microsoft Silently Patched CVE-2025-9491 - We Think Our Patch Provides More Security

Patching What You See vs. Patching What You Execute. Summary: Trend Micro discovered

Daily summary - 03.12.2025

End-of-Day report. Timeframe: Tuesday 02-12-2025 18:00 - Wednesday 03-12-2025 18:30. Handler: Michael Schlagenhaufer. Co-Handler: Felician Fuchs.

News: Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack. In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. https://www.bleepingcomputer.com/news/security/aisuru-botnet-behind-new-record-breaking-297-tbps-ddos-attack/

Mustang Panda Intelligence Dashboard Immediately Available for ThreatConnect

Mustang Panda—also known in industry and government reporting as BASIN, BRONZE PRESIDENT, CAMARO DRAGON, EARTH PRETA, FIREANT, G0129, HIVE015, HoneyMyte, LUMINOUS MOTH, Polaris, RedDelta, STATELY TAURUS, TA416, TANTALUM, TEMP.HEX, TWILL TYPHOON, or UNC6384—is a highly active, state-sponsored Chinese cyber-espionage group assessed to operate under the People’s Republic of China (PRC). Active for over a decade, […]

@Wietze Cool stuff. Perhaps best to keep in mind that Microsoft has disavowed CVE-2025-9491, so I could imagine that none of these get fixed. https://t.co/rGqjq7iLdw Unrelated: On chromium-based browsers, your
