New Windows zero-day feared abused in widespread espionage for years | CSO Online

A zero-day vulnerability in Windows shortcut files, exploited by at least 11 nation-state actors, allows remote command execution. The vulnerability, discovered by Trend Zero Day Initiative, has been used in widespread espionage campaigns since 2017, primarily targeting government and financial sectors. Despite being reported to Microsoft, the company declined to address the issue.