Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video: https://youtu.be/1Ymnvd1uyzQ
Notices by John Hammond (johnhammond@infosec.exchange)
-
Embed this notice
John Hammond (johnhammond@infosec.exchange)'s status on Thursday, 13-Nov-2025 23:48:40 JST 
John Hammond
-
Embed this notice
John Hammond (johnhammond@infosec.exchange)'s status on Monday, 17-Feb-2025 23:11:43 JST
John Hammond
Quick showcase disabling the Windows+R hotkey -- preventing opening the Run dialog box and helping limit the ClickFix malware attack surface! Though the video is longer than just that... I chat about all the reCAPTCHA craziness and conundrum... 👀🙃 https://youtu.be/Wm0kqSlyEjE
Big thanks to @AnyDesk for sponsoring this video! Join the fight against scammers alongside AnyDesk, with fast remote desktop software and access from anywhere! https://jh.live/anydesk
All GNU social JP content and data are available under the