In September, 2024 the Zero Day Initiative (ZDI) Threat Hunting team identified the exploitation of a 7-Zip zero-day vulnerability used in a SmokeLoader malware campaign targeting Ukrainian entities.
The vulnerability, CVE-2025-0411, was disclosed to 7-Zip creator Igor Pavlov, leading to the release of a patch in version 24.09 on November 30, 2024. CVE-2025-0411 allows the bypassing of Windows Mark-of-the-Web protections by double archiving files, thus preventing necessary security checks and allowing the execution of malicious content. The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files.
Read more…
Source: Trend Micro
Related:
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...

