A newly uncovered Windows vulnerability, tracked as ZDI-CAN-25373, allows state-sponsored attackers to execute hidden commands via malicious shortcut files. Exploited since 2017, it’s linked to espionage activities by groups from North Korea, Iran, Russia, and China, with North Korea being the most active. Microsoft deems it low-severity and won’t issue a patch; vigilance is advised.

Phony CAPTCHA checks trick targets to download malware
Cyber attackers are using fake CAPTCHA checks to trick users into downloading malware, according to HP Wolf’s Threat Insight Report. The method exploits the complacency