State sponsored hackers have been exploiting this LNK vulnerability for years - and it has only just been patched by Microsoft

The LNK vulnerability was used to launch remote code execution in cyber-espionage, data theft, and fraud attacks.
MUO on MSN

This tiny Windows shortcut file is a bigger security threat than you think

Malicious LNK shortcuts expose a long-standing weakness in Windows.

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

Microsoft has silently mitigated a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime ...
The Hacker News

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

In other words, these shortcut files are crafted such that viewing their properties in Windows conceals the malicious ...
SecurityWeek

Microsoft Silently Mitigated Exploited LNK Vulnerability

Microsoft has silently mitigated CVE-2025-9491, a Windows vulnerability exploited to distribute malware via LNK files ...
CSO Online

Windows shortcuts’ use as a vector for malware may be cut short

A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while ...
Homeland Security Today

The Missing LNK — Correlating User Search LNK Files

Forensic investigators use LNK shortcut files to recover metadata about recently accessed files, including files deleted after the time of access. In a recent investigation, FireEye Mandiant ...
Threat Post

Patched Windows Machines Exposed to Stuxnet LNK Flaw All Along

Microsoft released a new patch for the LNK vulnerability exploited by Stuxnet after it learned original patch from 2010 failed and left Windows machines exposed. A five-year-old Microsoft patch for ...
Bleeping Computer

Malicious Windows 'LNK' attacks made easy with new Quantum builder

Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. LNKs are Windows shortcut files that can ...