On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Pharma giant Inotiv hit by ransomware attack, says operations were affected
August 19, 2025
Inotiv, an American pharmaceutical and biotech company, has confirmed it has suffered a ransomware attack which forced it to shut down parts of its IT infrastructure. In a report filed with the US Securities and Exchange Commission (SEC), the company said it spotted the attack on August 8, 2025. The initial investigation determined that someone broke ...
- Deep dive into CVE‑2025‑29824 in Windows
August 19, 2025
On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver. Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, ...
- GodRAT – New RAT targeting financial institutions
August 19, 2025
In September 2024, Kaspersky researchers detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RAT codebase. To evade detection, the attackers ...
- Cisco warns of worrying major security flaw in firewall command center – patch now
August 18, 2025
Cisco recently fixed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product, and urged users to apply either the patch, or the mitigation, as soon as possible. FMC is a centralized platform for configuring, monitoring, and analyzing Cisco Secure Firewalls, where users can manage policies, track threat intelligence, and monitor their deployments across endpoints. ...
- Workday hit by data breach targeting CRM systems
August 18, 2025
The US company was affected by a social engineering campaign that bears similarities to a recent wave of attacks by extortion group ShinyHunters. Enterprise software company Workday recently suffered a data breach after threat actors targeted a third-party customer relationship management (CRM) platform. According to a blogpost by the US company on Friday (15 August), threat ...
- Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
August 18, 2025
In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which Kaspersky researchers first discovered in December 2022 in a RansomExx ransomware campaign. ...

