Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.

The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to hide harmful command-line arguments from users, enabling hidden code execution when a victim opens the shortcut.

Researchers at Trend Micro said in March that nearly a thousand malicious .lnk samples dating back to 2017 exploited this weakness across a mix of state-sponsored and cybercriminal campaigns worldwide. "Our analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft," it said at the time.

The trick is deceptively simple: malicious commands are padded with whi

See Full Page