New Windows zero-day exploited by 11 state hacking groups since 2017
ID: bf864b67-2931-5bab-b75f-337e87348cec
STIX ID: report--bf864b67-2931-5bab-b75f-337e87348cec
Feed Name: Bleeping Computer
Trend Micro's Zero Day Initiative disclosed ZDI-CAN-25373, a Windows UI-misrepresentation zero-day in .lnk shortcut handling that allows attackers to hide malicious command-line arguments and execute code. The flaw has been exploited in the wild since 2017 by multiple state-backed APTs and cybercrime groups (including Evil Corp, APT43/Kimsuky, Mustang Panda, and others) to deploy payloads such as Ursnif, Gh0st RAT, and Trickbot. Microsoft has declined immediate servicing and has not yet issued a patch.