Date: 2025-07-15

GBHackers News reports that enterprise environments could be infected with malware without any user interaction as part of the new multi-stage RenderShock attack, which involves the abuse of automated file previewing and processing features.
Malicious files, images, or shortcuts that activate when handled by preview handlers, security scanners, and metadata extractors enable not only passive reconnaissance but also credential exfiltration and remote code execution, an analysis from Cyfirma researchers showed. RenderShock also relies on multiple legitimate system behaviors for stealth: a custom LNK file embedded in a ZIP archive can potentially cause Windows Explorer to covertly load a remote icon over SMB. Such a novel zero-click attack technique should prompt a reevaluation of trust in enterprise environments, according to researchers, who urged that internal previews, indexing operations, and synchronization be considered possible execution surfaces. Organizations were also advised not only to limit outbound SMB traffic and deactivate preview capabilities but also to adopt behavioral monitoring and bolster Office configurations.
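As an added triage example (not code from Cyfirma or GBHackers), the Python sketch below flags shortcut files inside a ZIP archive that contain a `\\host\share` reference, the pattern behind the remote icon load described above. It is a byte-level heuristic rather than a full LNK parser; the function names, size limit, host name and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_MEMBER = 1 << 20  # assumed limit: skip oversized members, shortcuts are small

# \\host\share as an ANSI or UTF-16LE string anywhere in the shortcut; the
# heuristic does not tell icon location, target and arguments apart.
UNC_ANSI = re.compile(rb"\\\\[A-Za-z0-9._-]{1,253}\\[^\x00\\]{1,80}")
UNC_UTF16 = re.compile(
    rb"(?:\\\x00){2}(?:[A-Za-z0-9._-]\x00){1,253}\\\x00(?:[^\x00\\]\x00){1,80}")


def find_unc_refs(data: bytes) -> list[str]:
    """Return the distinct UNC host/share prefixes found in raw bytes."""
    hits = {m.group().decode("latin-1") for m in UNC_ANSI.finditer(data)}
    hits |= {m.group().decode("utf-16-le") for m in UNC_UTF16.finditer(data)}
    return sorted(hits)


def scan_zip(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each shortcut member (by extension or header) to its UNC references."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            data = zf.read(info)
            is_lnk = info.filename.lower().endswith(".lnk")
            if (is_lnk or data.startswith(LNK_MAGIC)) and (refs := find_unc_refs(data)):
                findings[info.filename] = refs
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive; the .lnk members are stubs, not valid shortcuts."""
    def stub(path: str) -> bytes:
        return LNK_MAGIC.ljust(0x4C, b"\x00") + path.encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.lnk", stub(r"\\fileserver.example\icons\app.ico"))
        zf.writestr("settings.lnk", stub(r"C:\Windows\System32\shell32.dll"))
        zf.writestr("notes.txt", "plain text, ignored")
    return buf.getvalue()


if __name__ == "__main__":
    for name, refs in scan_zip(build_sample_zip()).items():
        print(f"{name}: references {', '.join(refs)}")
```

A hit means the archive deserves review, not that it is malicious: shortcuts to legitimate internal shares match as well, so compare the host against known file servers.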
