Hackers using shortcut files for sneak attacks on Windows systems

July 11, 2024
1 min read

TLDR:

  • Hackers have been weaponizing shortcut files with Zero-day tricks to attack Windows users.
  • They exploit retired Internet Explorer to bypass modern browser protections and execute malicious code.

Hackers have been actively weaponizing shortcut files with Zero-day tricks to attack Windows users. These files, disguised as harmless icons, contain commands that launch harmful scripts or programs when clicked. By leveraging retired Internet Explorer, hackers bypass modern browser protections and execute remote code on Windows 10 and Windows 11 systems. This technique, which doesn’t require IE vulnerabilities, has been used since at least January 2023. Microsoft released a patch on July 9, 2024, addressing the security vulnerability, but users need to be cautious and avoid clicking on suspicious links that may lead to system compromise.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and