China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
China-linked UNC6384 used spear-phishing and an unpatched Windows shortcut vulnerability (CVE-2025-9491) to deploy PlugX against European diplomatic and government targets.
Two Windows vulnerabilities, one a 0-day, are under active exploitation
A long-running Windows Shortcut zero-day (CVE-2025-9491) and another critical flaw are actively exploited worldwide to deploy PlugX and other post-exploitation payloads.