Jun 16, 2025
The Hidden Danger of LNK Files on Your Computer

Episode 34 of The Awareness Angle is packed with real-world breaches, practical advice, and a surprisingly useful pigeon. Ant and Luke break down the stories behind the headlines, from major retail ransomware to the hidden dangers of shortcut files, and share why awareness still matters more than ever.

We start with Marks & Spencer, who have finally resumed online orders six weeks after a devastating cyberattack. The incident disrupted everything from contactless payments to click-and-collect, and is estimated to have cost the retailer around £300 million. Ant and Luke reflect on the wider impact this has had across the retail sector, praising M&S for getting back online and raising awareness of cyber threats in the process.

Next up, US-based food wholesaler UNFI – a key supplier to Whole Foods – confirmed it had been hit by a cyberattack, forcing some systems offline and delaying orders. It’s a reminder that cyberattacks on supply chains have knock-on effects far beyond the target, affecting customers, retailers, and even the stock market.

Back in the UK, the British Horseracing Authority was also impacted by a cyber incident. Despite the disruption, race meetings continued, showing the importance of contingency plans and operational resilience. In contrast, NHS Professionals, a major staffing agency for the NHS, took over a year to disclose its breach. Attackers reportedly stole the Active Directory database using a compromised Citrix account. Deloitte’s investigation suggests stolen credentials, lack of MFA, and poor endpoint detection contributed to the damage. Ant and Luke question the delay in disclosure and talk about the importance of basic security hygiene.

In the phishing and threats section, the duo look at a new macOS malware campaign involving the Atomic Stealer. Using a fake CAPTCHA, the attack tricks users into pasting code into their terminal. It’s part of a growing trend called ClickFix, which relies on fake error messages and security prompts to manipulate users. It’s not just Windows users at risk anymore.

Microsoft’s Patch Tuesday brings 66 security fixes, including one zero-day flaw already being exploited in the wild. But another unpatched threat is getting attention: a vulnerability in Windows shortcut (.LNK) files that lets attackers embed malicious network paths. Just viewing the file in Explorer can trigger a hidden payload. Microsoft is relying on Defender and Smart App Control for now, with no full patch available yet.

The episode also revisits the FAA’s long-overdue plan to replace Windows 95 and floppy disks in US air traffic control. While it might sound like a punchline, it highlights just how much critical infrastructure still relies on outdated tech. Meanwhile, WhatsApp has joined Apple in challenging the UK Home Office’s demand for a backdoor into encrypted data.

And with Windows 10 support ending in October 2025, Ant and Luke discuss the grassroots movement encouraging users to switch to Linux instead of buying new hardware. The "End of 10" project promotes open-source alternatives, with benefits for privacy, the environment, and user control.

Ant also introduces the concept of an "attack atmosphere," a broader way of thinking about cybersecurity risks that considers the entire environment, not just obvious vulnerabilities. This ties in with a conversation about human behaviour, and how changing that is more effective than any tool you can buy.

Oh, and the pigeon? You’ll have to listen to the episode for that one – but trust us, it makes more sense than you think.

New episodes of The Awareness Angle are released every Monday, with interviews dropping every other Thursday. Subscribe via your favourite podcast app or visit riskycreative.com to sign up for the newsletter.

M&S resumes online orders after cyber attack
Watch – https://youtu.be/DXTmp1gdgIQ?t=87
Read – https://www.retailgazette.co.uk/blog/2025/06/marks-spencer-resumes-online-orders-after-cyberattack/

UNFI cyberattack disrupts Whole Foods supply chain
Watch – https://youtu.be/DXTmp1gdgIQ?t=210
Read – https://www.securityweek.com/unfi-hit-by-cyberattack-impacting-operations/

British Horseracing Authority confirms cyber breach
Watch – https://youtu.be/DXTmp1gdgIQ?t=294
Read – https://www.thoroughbrednews.com.au/news/story/bha-hit-by-cyber-attack-163838

NHS Professionals breach kept quiet for 13 months
Watch – https://youtu.be/DXTmp1gdgIQ?t=375
Read – https://www.theregister.com/2025/06/06/nhs_professionals_data_breach/

Atomic macOS Stealer campaign using ClickFix
Watch – https://youtu.be/DXTmp1gdgIQ?t=723
Read – https://www.bleepingcomputer.com/news/security/macos-users-targeted-with-atomic-stealer-in-fake-spectrum-sites/

Microsoft June Patch Tuesday – 66 flaws, 1 zero-day
Watch – https://youtu.be/DXTmp1gdgIQ?t=1076
Read – https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws/

LNK shortcut file flaw – no patch yet
Watch – https://youtu.be/DXTmp1gdgIQ?t=1189
Read – https://www.bleepingcomputer.com/news/security/microsoft-warns-of-windows-lnk-zero-day-used-in-attacks/

FAA still using Windows 95 and floppy disks
Watch – https://youtu.be/DXTmp1gdgIQ?t=2207
Read – https://www.tomshardware.com/tech-industry/faa-finally-eliminating-floppy-disks-from-air-traffic-control

WhatsApp joins Apple in UK encryption fight
Watch – https://youtu.be/DXTmp1gdgIQ?t=2432
Read – https://www.bbc.co.uk/news/technology-68948697

End of Windows 10 – should you switch to Linux?
Watch – https://youtu.be/DXTmp1gdgIQ?t=2697
Read – https://endof10.org/

New 'attack atmosphere' mindset in cybersecurity
Watch – https://youtu.be/DXTmp1gdgIQ?t=3148
Read – https://www.bitdefender.com/blog/businessinsights/the-evolution-from-attack-surface-to-attack-atmosphere/

Recently uploaded