Tag
#phishing
2 posts tagged #phishing.
- Analysis · May 20, 2026 · The Commentary Desk
The warning your careful users count on, that quietly never fired
CVE-2024-21412 bypasses Windows SmartScreen with a shortcut inside a shortcut. The file looks like a JPEG, the user double-clicks, and the safety prompt that was supposed to appear simply doesn't. It's also a bypass of the previous SmartScreen fix.
- Analysis · May 20, 2026 · The Commentary Desk
The user opened a JPG they could see in the archive. A RAT installed behind it.
CVE-2023-38831 weaponizes the one thing you tell users is safe: opening a file they can see. A WinRAR archive hides a script in a folder named identically to a benign file, and double-clicking the file runs the script. You can't train this away, and WinRAR doesn't auto-update.