Slashdot

joshuark shares a report from BleepingComputer: Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files. Thus some element of social engineering, and user technically naive and gullibility such as thinking Windows is secure is required. [...] As Trend Micro threat analysts discovered in March 2025, the CVE-2025-9491 was already being widely exploited by 11 state-sponsored groups and cybercrime gangs, including Evil Corp, Bitter, APT37, APT43 (also known as Kimsuky), Mustang Panda, SideWinder, RedHotel, Konni, and others. Microsoft told BleepingComputer in March that it would "consider addressing" this zero-day flaw, even though it didn't "meet the bar for immediate servicing." ACROS Security CEO and 0patch co-founder Mitja Kolsek found, Microsoft has silently changed LNK files in the November updates in an apparent effort to mitigate the CVE-2025-9491 flaw. After installing last month's updates, users can now see all characters in the Target field when opening the Properties of LNK files, not just the first 260. As the movie the Ninth Gate stated: "silentium est aurum"

Read more of this story at Slashdot.

A severe spike in global DRAM prices has pushed Samsung Semiconductor to refuse a long-term RAM order from its own sibling, Samsung Electronics. The move is forcing the smartphone division into short, expensive renegotiations, which will likely mean higher costs for consumer devices. PCWorld reports: Samsung subsidiaries are, naturally, going to look to Samsung Semiconductor first when they need parts. Such was reportedly the case for Samsung Electronics, in search of memory supplies for its newest smartphones as the company ramps up production for 2026 flagship designs. But with so much RAM hardware going into new "AI" data centers -- and those companies willing to pay top dollar for their hardware -- memory manufacturers like Samsung, SK Hynix, and Micron are prioritizing data center suppliers to maximize profits. The end result, according to a report from SE Daily spotted by SamMobile, is that Samsung Semiconductor rejected the original order for smartphone DRAM chips from Samsung Electronics' Mobile Experience division. The smartphone manufacturing arm of the company had hoped to nail down pricing and supply for another year. But reports say that due to "chipflation," the phone-making division must renegotiate quarterly, with a long-term supply deal rejected by its corporate sibling. A short-term deal, with higher prices, was reportedly hammered out.

Read more of this story at Slashdot.