Microsoft Windows Cyberattack Warning — Do Not Open These Files
Beware these dangerous Windows LNK files.
Windows users are under attack. Yes, I know, Windows users are always under attack, it's a byproduct of there being so many of them and threat actors focusing on such big platforms that can offer the potential for significant returns. While Linux and macOS systems are far from immune to such attacks, it's Microsoft users who get the brunt of it. Which is why it's so important to install updates that fix Windows vulnerabilities, and install them quickly. But what if the threat is not only well known among the cybercriminal community, has existed for many years, and still hasn't been given a Common Vulnerabilities and Exposures identifier? Welcome to the highly dangerous world of Windows LNK file cyberattacks that are happening right now. Do not open these files.
The Common Vulnerabilities and Exposures system might not be perfect, but it does provide a standard and actionable method of identifying and prioritizing security vulnerabilities wherever they occur. Security vulnerabilities such as the one that impacts LNK shortcut files in the Windows operating system, and has done for many years now. Or at least it would have had the vulnerability in question been allocated a CVE identifier, which it hasn't.
Alexander Kolesnikov, a malware analyst at Kaspersky Lab, has issued a warning to all Windows users as Kaspersky's Global Research and Analysis Team revealed the most noteworthy Windows vulnerability being exploited so far in 2025.
ZDI-CAN-25373, the Windows LNK file vulnerability in question, has already been seen being exploited this year in zero-day attacks by cybercriminal and state-sponsored actors according to the security researchers at Trend Micro.
ZDI-CAN-25373, the Windows LNK file vulnerability in question, has already been seen being exploited in zero-day attacks by cybercriminal and state-sponsored actors, according to security researchers at Trend Micro. Now, Kolesnikov has warned that it is being actively exploited and enables threat actors to launch attacks that are obfuscated from the victim. 'The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts,' Kolesnikov explained. What this means is that attackers can apply additional characters in the target field, things like spaces and line breaks for example, so that the user only sees the legitimate-looking path and has no cause for concern that anything is amiss. That's far from the reality though, as malicious commands added, but obscured from view in File Explorer, can be used to compromise the Windows system once the LNK file is executed. 'Only the first part of the path is shown in the shortcut's properties,' Kolesnikov reiterated, adding that 'the target field might include arguments at the end of the line that trigger a request to download a payload using powershell.exe.'
'As a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognize and warn users about potentially harmful files,' a Microsoft spokesperson said.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
15 minutes ago
- Yahoo
Lockheed Martin (LMT) Announced the Successful Execution of Flight Test Other-26a
Lockheed Martin Corporation (NYSE:LMT) is one of the 13 Best Aerospace and Defense Stocks to Invest in Now. On June 24, Lockheed Martin Corporation (NYSE:LMT) announced the successful execution of Flight Test Other-26a, in collaboration with the US Missile Defense Agency. The test demonstrated the capabilities of Lockheed Martin Corporation (NYSE:LMT)'s Long Range Discrimination Radar, which successfully detected, tracked, and discriminated against a live ballistic missile threat in a complex environment over the north Pacific Ocean. The LRDR tracked an air-launched ballistic missile target equipped with countermeasures, showcasing its ability to distinguish real threats from decoys and background clutter. Two fighter jets in flight, highlighting the technology and experience of the companies combat aircraft. This test marked several firsts including LRDR's effective detection, tracking, and discrimination in a complex environment, and C2BMC's successful use of LRDR flight test data to support a simulated missile defense engagement. Lockheed Martin Corporation (NYSE:LMT) is an international aerospace and defense company that develops and manufactures advanced technology systems and products. It operates in four main areas including military aircraft, missile and air defense systems, helicopters and naval systems, and space technologies. While we acknowledge the potential of LMT as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: The Best and Worst Dow Stocks for the Next 12 Months and 10 Unstoppable Stocks That Could Double Your Money. Disclosure: None. Fehler beim Abrufen der Daten Melden Sie sich an, um Ihr Portfolio aufzurufen. Fehler beim Abrufen der Daten Fehler beim Abrufen der Daten Fehler beim Abrufen der Daten Fehler beim Abrufen der Daten
Yahoo
16 minutes ago
- Yahoo
Intuitive Machines (LUNR) Jumps 13.15% as Lunar Mission Photos Boost Investor Confidence
Intuitive Machines, Inc. (NASDAQ:LUNR) is one of the . Intuitive Machines saw its share prices jump by 13.15 percent on Thursday to close at $11.36 apiece following the release of photos captured by its IM-2 lunar lander called 'Athena.' Having encountered uncertainties during its official launch in February 2025, the photos sparked investor confidence about Intuitive Machines Inc.'s (NASDAQ:LUNR) successful deployment and operations and improved confidence for future contracts. Intuitive Machines, Inc. (NASDAQ:LUNR) launched the IM-2 Athena using its Nova-C aircraft on February 27 as part of NASA's commercial lunar payload services. Athena successfully reached the surface of the moon on March 6, 2025, but ended its mission the day after, following depleted power. A satellite being released from a launch vehicle, heading into space. Athena was designed to look into the presence of lunar water ice using Prime-1, a payload of a drill and mass spectrometer. While we acknowledge the potential of LUNR as an investment, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an extremely cheap AI stock that is also a major beneficiary of Trump tariffs and onshoring, see our free report on the best short-term AI stock. READ NEXT: 20 Best AI Stocks To Buy Now and 30 Best Stocks to Buy Now According to Billionaires. Disclosure: None. This article is originally published at Insider Monkey.
Yahoo
16 minutes ago
- Yahoo
Enovix (ENVX) Jumps 20.76% as Lawmakers Rethink Clean Energy Credit Cuts
Enovix Corporation (NASDAQ:ENVX) is one of the . Enovix Corporation (NASDAQ:ENVX) extended its winning streak to a third consecutive day on Thursday, surging 20.76 percent to close at $10.53 apiece following news that Senate lawmakers are planning to implement gentler cuts to clean energy tax credits. While the Senate would still seek to lower credits for clean energy, Senator Kevin Cramer said that the upper chamber's version may ultimately 'be a little more generous' than the House's. The proposed cuts, which form part of the One Big Beautiful Bill Act, sought to claw back funding currently enjoyed under the Inflation Reduction Act (IRA), by ending most credits earlier than originally laid out. Battery manufacturers, such as Enovix Corporation (NASDAQ:ENVX), are benefiting from Section 45x of the IRA, which incentivizes eligible companies in a bid to ramp up domestic production. A close-up of a battery cell being assembled with intricate precision. Enovix Corporation (NASDAQ:ENVX) is engaged in providing electronic components, including advanced silicon-anode lithium-ion battery development and production. While we acknowledge the potential of ENVX as an investment, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an extremely cheap AI stock that is also a major beneficiary of Trump tariffs and onshoring, see our free report on the best short-term AI stock. READ NEXT: 20 Best AI Stocks To Buy Now and 30 Best Stocks to Buy Now According to Billionaires. Disclosure: None. This article is originally published at Insider Monkey.
