LNK File Archives • Daily CyberSecurity

APT37’s New “Python-in-a-Cat” Malware Uses Environment Variable Obfuscation APT37 Phishing Campaign Python Malware Obfuscation

APT37’s New “Python-in-a-Cat” Malware Uses Environment Variable Obfuscation

Do Son May 12, 2026

In the world of cyberespionage, familiarity can be a fatal mistake for defenders. Just as security teams...

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit Zero-Click Exploitation LNK Authentication Coercion

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit

Do Son April 27, 2026

Researchers at Akamai have discovered that a previous fix for a high-profile exploit used by the Russian-linked...

Don’t Click That Shortcut: Phorpiex Botnet Hides in “Your Document” Emails Phorpiex Botnet LNK Phishing

Don’t Click That Shortcut: Phorpiex Botnet Hides in “Your Document” Emails

Do Son February 16, 2026

A high-volume phishing campaign has been spotted in the wild, reviving an old but effective tactic to...

FrostBeacon Hits Russian B2B: Cobalt Strike Deployed via LNK and Chained Legacy Exploits Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

FrostBeacon Hits Russian B2B: Cobalt Strike Deployed via LNK and Chained Legacy Exploits

Do Son December 10, 2025

A new and sophisticated malware campaign dubbed “Operation FrostBeacon” is systematically targeting business-to-business (B2B) enterprises across the...

Patchwork APT Deploys StreamSpy Trojan, Hiding C2 Commands in WebSocket Traffic for Stealth Espionage Patchwork StreamSpy, WebSocket C2

Patchwork APT Deploys StreamSpy Trojan, Hiding C2 Commands in WebSocket Traffic for Stealth Espionage

Do Son December 5, 2025

The Patchwork APT group (also known as Bai Xiang or “White Elephant”), a cyberespionage actor believed to...

SEQRITE Labs Uncovers “CAPI Backdoor” Campaign Targeting Russia’s Automobile and E-Commerce Sectors CAPI Banking Trojan, LNK Persistence

SEQRITE Labs Uncovers “CAPI Backdoor” Campaign Targeting Russia’s Automobile and E-Commerce Sectors

Do Son October 20, 2025

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in Russia’s automobile and...

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT Operation Silk Lure, ValleyRAT LNK

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT

Do Son October 17, 2025

Researchers at Seqrite Labs have uncovered a highly targeted cyber-espionage campaign, dubbed Operation Silk Lure, that leverages...

Zero-Click NTLM Leak Returns: New LNK Bypass (PoC Available) Bypasses Patch, Exposing Credentials Zero-Click NTLM Credential Leak, LNK Bypass

Zero-Click NTLM Leak Returns: New LNK Bypass (PoC Available) Bypasses Patch, Exposing Credentials

Do Son October 17, 2025

A cybersecurity researcher at Cymulate Research Labs, Ruben Enkaoua, has discovered yet another zero-click NTLM credential leakage...

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth

Do Son September 5, 2025

Researchers at the Trellix Advanced Research Center have identified a sophisticated new campaign leveraging the XWorm backdoor,...

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer ChaCha20 Cipher

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer

Do Son September 2, 2025

For over a year, Huntress researchers have been tracking the rise of ClickFix attacks, a form of...

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection RedLoader, DLL Sideloading

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection

Do Son July 31, 2025

Sophos analysts have uncovered a newly combined infection technique used by the GOLD BLADE cybercriminal group to...

Stealthy REMCOS Backdoor Delivered by LNK Files: Bypasses Antivirus with Multi-Stage PowerShell Attack

Do Son July 29, 2025

Cybercriminals continue to find clever ways to bypass antivirus solutions and endpoint defenses. A recent Point Wild...

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery

Do Son June 20, 2025

A newly uncovered malicious campaign, dubbed SERPENTINE#CLOUD, leverages Cloudflare Tunnel subdomains to deliver payloads via phishing email...

Critical Alert 1 Active Exploit Detected Today