WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • PayPal’s “no-code checkout” abused by scammers

    February 27, 2025

    Malwarebytes Labs recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due ...

  • How hackers ruined a Disney employee’s life after he downloaded AI photo tool

    February 27, 2025

    A former Disney employee’s world was turned upside down when he downloaded an artificial intelligence-powered photo program, unaware that it was laced with hacking software, during a massive data breach at the entertainment giant. In July, Matthew Van Andel, an engineer at Disney at the time, got a message on the chat forum Discord from an ...

  • Proof-of-Concept Exploits Released for RSync Vulnerabilities

    February 26, 2025

    Five vulnerabilities have been discovered within the RSync utility. RSync is a popular tool for transferring and synchronising files between different systems. RSync is commonly used in Unix-like operating systems. CVE-2024-12084 is a ‘heap-based buffer overflow’ vulnerability, with a CVSSv3 score of 9.8. When used alongside CVE-2024-12085, attackers could gain remote code execution (RCE). CVE-2024-12085 is an ...

  • Ninth day of pro-Russia cyber attacks on Italian sites

    February 25, 2025

    A pro-Russian hacker group, Noname057(16), staged for the ninth consecutive morning on Tuesday a new wave of cyberattacks against Italian websites, specifically targeting local administrations. The provinces of Trapani, Ragusa, Caltanissetta, Enna, the municipality of Catania and the Puglia region were among those affected by the attacks. The Agency for National Cybersecurity is providing help to ...

  • The GitVenom campaign: cryptocurrency theft using GitHub

    February 24, 2025

    In our modern world, it’s difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. With more and more open-source projects being published, both ...

  • F5 Releases Quarterly Security Notification

    February 24, 2025

    F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, 3 rated as medium impact, and 1 as low impact. One of the high impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 ...