WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Data breach at IDHS compromises 1M customers

    December 26, 2024

    On April 25, the Illinois Department of Human Services (IDHS) experienced a privacy breach. An outside entity, through a phishing campaign, gained access to multiple employee accounts, and files associated with the accounts. The files included the Social Security numbers (SSNs) of 4,701 customers and three employees. Separately, public assistance account information (name, public assistance account ...

  • Cyberattack on JAL delays some flights, disrupts operations

    December 26, 2024

    Japan Airlines announced on Dec. 26 that its computer network was hit by a cyberattack, which delayed some flights while the company worked to restore the system and resume normal operations. According to JAL, the cyberattack caused a heavy access load to the network equipment connecting internal and external offices from 7:24 a.m. that morning. The ...

  • Analyzing Malicious Intent in Python Code – A Case Study

    December 23, 2024

    Fortinet’s AI-driven OSS malware detection system recently identified two malicious packages: Zebo-0.1.0 on November 16, 2024, and Cometlogger-0.1 on November 24, 2024. Malicious software often masquerades as legitimate code, hiding its harmful features behind complex logic and obfuscation. In this analysis, Fortinet researchers examine the Python scripts behind these two packages, outline their malicious behaviors, and provide ...

  • Cloud Atlas seen using a new tool in its attacks

    December 23, 2024

    Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We’re shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code. When opened, the document downloads a ...

  • ‘NetWalker’ Ransomware Attacker Gets 20 Years in Prison

    December 21, 2024

    Romanian national Daniel Christian Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy. NetWalker ransomware attacks often targeted the healthcare sector during the COVID-19 pandemic. The attacker obtained nearly 1,600 Bitcoin ransomware payments as a result of his attacks, netting him and another affiliate about $21.5 million. Hulea is being ordered to forfeit these ...

  • Beware Feb. 3, 2025 – Diabolic Ransomware Gang Issues New Attack Warning

    December 21, 2024

    If you thought law enforcement had not only disrupted the LockBit ransomware operation, alongside trolling the criminal gang behind it but taken it out of business altogether, then you are likely in for a shock: LockBitSupp, the group’s alleged leader, has warned LockBit 4 will return next year. In fact, a dark web posting said the ...