[demo] CVE 2025 9491 Briefing
ID: d81ca992-2b07-469b-ad9a-4284f653aa3f
STIX ID: report--d81ca992-2b07-469b-ad9a-4284f653aa3f
Threat Score: 100/100
This report covers CVE-2025-9491, a Windows .LNK UI misrepresentation vulnerability that enables remote code execution and is being actively exploited by UNC6384 in spear-phishing campaigns against European diplomatic and aviation targets. The attack chain uses malicious .LNK files to launch disguised payloads and deploys PlugX via DLL sideloading with legitimate Canon utilities. The report also covers the associated ATT&CK techniques, IOCs (email themes, delivery mechanisms, LNK traits, network patterns), and recommended preventive, detection, and response controls to mitigate risk.
