Threat actors are leveraging WebDAV and Windows File Explorer to deliver Remote Access Trojans (RATs) while bypassing traditional web browser security controls. By utilizing .url and .lnk shortcut files pointing to WebDAV servers hosted on temporary Cloudflare Tunnels, attackers can trick users into executing malicious scripts that appear as local files.