Executive Summary A Windows LNK (shortcut) UI-misrepresentation vulnerability (CVE-2025-9491, ZDI-CAN-25373) is being actively exploited by a China-linked threat actor tracked as UNC6384 to deliver the PlugX Remote Access Trojan (RAT) against European diplomatic and government targets. The flaw enables malicious .LNK artifacts or links to be presented in ways that hide their true behavior; when […]
The post Under UNC6384’s LNK: CVE-2025-9491 Powers PlugX Espionage Attacks appeared first on SecPod Blog.