Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Several users reported finding a strange Update.exe file on their computer system but had no idea how it got there. It was found that the file originates from GitHub, while users did not appear to use ...