Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in th...

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking...

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST , likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit TRU said it observed the activity after January 9, with the...

📄 Peyara Remote Mouse 1.0.1 Shell Upload / Code Execution

The Peyara Remote Mouse desktop control software exposes an unauthenticated file upload endpoint, along with an unauthenticated WebSocket control channel. An attacker can upload arbitrary files including .LNK shortcuts to the victim environment and trigger command execution via simulated...

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 CVSS score: 7.8/7.0, which has been describ...

Exploit for User Interface (UI) Misrepresentation of Critical Information in Microsoft

CVE-2025-9491 LNK Obfuscation PoC A proof-of-concept tool for...

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary,...

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP...

EUVD-2008-2803

Malware in sbrugna...

EUVD-2025-28860

Malicious code in bioql PyPI...

EUVD-2025-23786

Malicious code in bioql PyPI...

EUVD-2022-39030

Malicious code in bioql PyPI...

EUVD-2023-29641

Malicious code in bioql PyPI...

Windows Shortcut (LNK) Padding

This module generates Windows LNK shortcut file that can execute arbitrary commands. The LNK file uses environment variables and execute its arguments from COMMANDLINEARGUMENTS with extra juicy whitespace character padding bytes and concatenates the actual payload. Module Options msf use...

IconEnvironmentDataBlock - Windows LNK File Special UNC Path NTLM Leak

This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in IconEnvironmentDataBlock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browse to the locati...

SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak

This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in SpecialFolderDatablock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browse to the location...

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft aka APT37 to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target...

CVE-2025-9491

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-9491 Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a...