CVE-2025-59284: How reading a gnu manpage led to a Windows NetNTLM phishing exploit

The post describes a phishing technique that exploits archive extraction in Windows to obtain a user’s NetNTLM hash. It notes that Microsoft’s patch for the vulnerability may have been insufficient, leaving the exploit potentially viable. The technique was presented at BSidesLjubljana in March 2026.