Lnk-it-up open-source suite for generating and detecting malicious Windows LNK shortcuts
Security Tool/Service
Summary
Hide ▲
Show ▼
lnk-it-up is a newly released open-source suite for Windows LNK shortcuts that helps testers generate deceptive files and helps defenders spot shortcuts where Explorer shows one target but execution runs another. That matters because the tool directly supports malicious shortcut detection in a file format attackers can abuse to hide payloads and command-line arguments. It also gives analysts a way to validate how malformed LNK structures behave before they are used in the wild.
Related Happenings
Apple macOS Tahoe 26.4 Terminal warning blocks ClickFix-style pasted commands
Security Tool/Service
First: 30.03.2026 17:32
Last: 30.03.2026 17:32
Sources 1
About this happening:
**Apple** added a **Terminal** safety warning in **macOS Tahoe 26.4** that delays or blocks pasted commands when they look harmful, reducing the chance that users execute **ClickF...
Apple macOS Tahoe 26.4 Terminal warning blocks ClickFix-style pasted commands
Security Tool/ServiceAbout this happening: **Apple** added a **Terminal** safety warning in **macOS Tahoe 26.4** that delays or blocks pasted commands when they look harmful, reducing the chance that users execute **ClickF...
ClickFix Windows Terminal Lumma Stealer campaign
Campaign
First: 06.03.2026 08:44
Last: 06.03.2026 08:44
Sources 1
About this happening:
A **widespread ClickFix** campaign is abusing **Windows Terminal (wt.exe)** to run malicious commands and deploy **Lumma Stealer**, expanding the risk of credential theft and brow...
ClickFix Windows Terminal Lumma Stealer campaign
CampaignAbout this happening: A **widespread ClickFix** campaign is abusing **Windows Terminal (wt.exe)** to run malicious commands and deploy **Lumma Stealer**, expanding the risk of credential theft and brow...
Windows 11 Insider Preview adds secure batch-file execution controls
Security Tool/Service
First: 27.02.2026 22:00
Last: 27.02.2026 22:00
Sources 1
About this happening:
**Microsoft** is adding a more secure batch-file and CMD-script execution mode in **Windows 11 Insider Preview builds**, which matters for **enterprise scripted workflows** that n...
Windows 11 Insider Preview adds secure batch-file execution controls
Security Tool/ServiceAbout this happening: **Microsoft** is adding a more secure batch-file and CMD-script execution mode in **Windows 11 Insider Preview builds**, which matters for **enterprise scripted workflows** that n...
Microsoft silently patches in Windows LNK files remote code execution flaw (CVE-2025-9491)
Vulnerability
First: 12.02.2026 23:01
Last: 12.02.2026 23:01
Sources 1
How related:
The discovered issues exploit inconsistencies in how Windows Explorer prioritizes conflicting target paths specified across multiple optional data structures within shortcut files.
About this happening:
**Windows LNK shortcut files** remain the focus of this vulnerability thread: **CVE-2025-9491** / **ZDI-CAN-25373** is being used in **September-October 2025** spear-phishing atta...
Microsoft silently patches in Windows LNK files remote code execution flaw (CVE-2025-9491)
VulnerabilityHow related: The discovered issues exploit inconsistencies in how Windows Explorer prioritizes conflicting target paths specified across multiple optional data structures within shortcut files.
About this happening: **Windows LNK shortcut files** remain the focus of this vulnerability thread: **CVE-2025-9491** / **ZDI-CAN-25373** is being used in **September-October 2025** spear-phishing atta...
Windows 11 Notepad Markdown link RCE (CVE-2026-20841)
Vulnerability
First: 12.02.2026 01:15
Last: 12.02.2026 01:15
Sources 1
About this happening:
Microsoft fixed **CVE-2026-20841**, a **remote code execution** flaw in **Windows 11 Notepad** that could be triggered by clicking a **malicious Markdown link**. On **Notepad vers...
Windows 11 Notepad Markdown link RCE (CVE-2026-20841)
VulnerabilityAbout this happening: Microsoft fixed **CVE-2026-20841**, a **remote code execution** flaw in **Windows 11 Notepad** that could be triggered by clicking a **malicious Markdown link**. On **Notepad vers...
Timeline
-
12.02.2026 23:01 2 articles · 3mo ago
Wietze Beukema releases lnk-it-up for Windows LNK testing
Initial DisclosureWietze Beukema released lnk-it-up at Wild West Hackin' Fest, an open-source tool suite for Windows LNK shortcuts that generates deceptive shortcut files for testing and identifies suspicious files by predicting what Explorer displays versus what actually executes. The suite is designed to help analysts validate detection workflows against LNK files that can hide malicious targets and command-line arguments.
Show sources
- Microsoft: New Windows LNK spoofing issues aren't vulnerabilities — www.bleepingcomputer.com — 12.02.2026 23:01
- Microsoft: New Windows LNK spoofing issues aren't vulnerabilities — www.bleepingcomputer.com — 12.02.2026 23:01