Since 2017: Zero-day exploits in Windows LNK files
The Zero Day Initiative (ZDI) has identified ZDI-CAN-25373, a Windows .lnk file vulnerability that APT groups have abused with zero-day exploits since 2017. ZDI's threat hunting team has identified nearly 1000 malicious .lnk files that abuse ZDI-CAN-25373, a vulnerability that allows attackers to execute hidden malicious commands on a victim's computer by using crafted shortcut files. The attacks use hidden command-line arguments in .lnk files to execute malicious zero-day exploits. This poses significant risks for organizations of data theft and...
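For defenders triaging shortcut files, the following added example (not code from ZDI or from this article) reads the complete command-line arguments string directly from a .lnk file so it can be reviewed in full. The field layout follows the published Shell Link binary format; the function names, the triage thresholds and the sample file are assumptions constructed for illustration.

```python
import struct

# LinkFlags bits from the Shell Link (.lnk) binary format
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
STRING_FLAGS = (0x04, 0x08, 0x10, 0x20)  # name, relative path, working dir, arguments
CLSID = bytes.fromhex("0114020000000000c000000000000046")  # shell link class id

def lnk_arguments(data: bytes) -> str:
    """Return the complete COMMAND_LINE_ARGUMENTS string of a .lnk file ('' if absent)."""
    if len(data) < 76 or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                    # end of the fixed-size header
    if flags & HAS_IDLIST:                      # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                    # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit in STRING_FLAGS:                    # StringData is stored in this order
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        raw = data[pos + 2 : pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated string data")
        pos += 2 + count * width
        if bit == HAS_ARGS:
            return raw.decode(codec, errors="replace")
    return ""

def triage(args: str, max_len: int = 260, max_pad: int = 16) -> dict:
    """Heuristic (assumed thresholds): flag very long or heavily padded arguments."""
    pad = sum(1 for ch in args if ch.isspace() or ord(ch) < 0x20)
    return {"length": len(args), "padding": pad, "visible": " ".join(args.split()),
            "suspicious": len(args) > max_len or pad >= max_pad}

def constructed_sample(args: str) -> bytes:
    """Constructed test input: header plus an arguments string only (no target)."""
    header = struct.pack("<I16sI", 0x4C, CLSID, HAS_ARGS | IS_UNICODE).ljust(76, b"\0")
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")

if __name__ == "__main__":
    sample = constructed_sample(" " * 300 + "--constructed-flag value")
    print(triage(lnk_arguments(sample)))
```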