On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian government hackers said to be behind US federal court filing system hack
August 12, 2025
The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times. Citing anonymous sources, the newspaper said Russia “is at least in part responsible” for the cyberattack, without saying what part of the Russian government is behind the hack. The hackers searched for ...
- WestJet says some passengers’ personal information stolen in cyberattack
August 11, 2025
WestJet says some personal data including information about travel documents such as passports was stolen in a cyberattack earlier this year, but credit and debit card numbers as well as user passwords were not compromised. In a note to customers, WestJet says the personal information taken varies from person to person but may include name, date ...
- From ClickFix to Command: A Full PowerShell Attack Chain
August 11, 2025
The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell. Read more… Source: Fortinet Sign ...
- University of Western Australia suffers major data breach, staff and students locked out
August 11, 2025
One of Australia’s major universities has suffered a data breach, with the password information of thousands of staff and students exposed. The University of WA (UWA) confirmed it was investigating a cybersecurity incident on Saturday night, which involved unauthorised access of password information. Read more… Source: MSN Ness Sign up for the Cyber Security Review Newsletter The latest cyber security ...
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere
August 10, 2025
A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles. Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the ...
- Massive leak of over 115 million US payment cards caused by Chinese “smishing” hackers
August 10, 2025
A wave of advanced phishing campaigns, traced to Chinese-speaking cybercriminal syndicates, may have compromised up to 115 million US payment cards in just over a year, experts have warned. Researchers at SecAlliance revealed these operations represent a growing convergence of social engineering, real-time authentication bypasses, and phishing infrastructure designed to scale. Investigators have identified a figure ...

