We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

state-sponsored hacking

Windows Shortcut Zero-Day Under Active Attack
Winsage
March 22, 2025

Windows Shortcut Zero-Day Under Active Attack

A zero-day vulnerability in Windows shortcut (.lnk) files has been exploited by state-sponsored hacking groups since 2017, allowing attackers to execute arbitrary code on compromised systems. Microsoft has classified this vulnerability as “not meeting the bar servicing,” meaning no security updates will be issued. Trend Micro tracks it as ZDI-CAN-25373 and has linked it to cyber-espionage campaigns involving 11 nation-state actors from countries like North Korea, Iran, Russia, and China. Nearly 1,000 malicious .lnk samples exploiting this flaw have been identified, with many more potentially undetected. Attackers often use phishing emails to deliver these malicious files, which can download additional malware, granting full control over the compromised machine. Organizations are advised to scan their systems and implement security measures against this vulnerability.
New Windows zero-day exploited by 11 state hacking groups since 2017
Winsage
March 18, 2025

New Windows zero-day exploited by 11 state hacking groups since 2017

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 since 2017 for data theft and cyber espionage. Microsoft has classified this vulnerability as "not meeting the bar for servicing," meaning no security updates will be released. The flaw allows attackers to execute arbitrary code on affected Windows systems by concealing malicious command-line arguments within .LNK shortcut files, using padded whitespaces to evade detection. Nearly 70% of the analyzed attacks linked to this vulnerability were related to espionage, while 20% aimed for financial gain. Various malware payloads, including Ursnif, Gh0st RAT, and Trickbot, have been associated with these attacks. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. Microsoft has not assigned a CVE-ID to this vulnerability but is tracking it internally as ZDI-CAN-25373. A Microsoft spokesperson mentioned that the company is considering addressing the flaw in the future.
Search