WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Amazon Confirms Employee Data Was Exposed Through MOVEit Breach

    November 12, 2024

    In a significant development that underscores the lasting impact of 2023’s MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as “Nam3L3ss,” exposes the continuing ripple effects of one of last year’s most devastating supply chain attacks. The compromise stems from ...

  • AT&T, Ticketmaster data breach hackers charged with stealing 50 billion records

    November 12, 2024

    The U.S. has indicted two individuals, Connor Moucka and John Binns, according to new documents, for hacking third-party cloud data storage and analytics company Snowflake. The Snowflake hack led to data breaches at numerous companies using the platform such as AT&T, Ticketmaster, and more than 150 other corporations. Read more… Source: MSN News Sign up for our Newsletter Related:

  • New Google Chrome Warning As ‘No 0-Day’ Drive-By Cyber Attack Confirmed

    November 12, 2024

    The cost of zero-day exploits has always been high, especially if they allow an attacker to remotely execute code on a host machine. But why pay hundreds of thousands of dollars for an 0-day when a relatively simple drive-by attack doesn’t need one and can achieve much the same result? That’s what interested an Imperva security ...

  • Pentagon leaker Jack Teixeira sentenced to 15 years in prison

    November 12, 2024

    Jack Teixeira, a member of the Massachusetts National Guard, has been jailed for 15 years for leaking classified documents about the war in Ukraine and other military secrets. A federal judge in Boston, United States, on Tuesday sentenced the 22-year-old after he pleaded guilty earlier this year to six counts of wilful retention and transmission of ...

  • Hot Topic data breach thought to have hit nearly 54 million customers

    November 12, 2024

    Breach notification site Have I Been Pwned has confirmed the personal data of 56,904,909 users was found online, leaked from Hot Topic, Torrid, and Box Lunch customers. Threat actor ‘Satanic’ claimed responsibility for the breach, which was allegedly carried out through an infostealer infection, and made possible by weak security practices. The dataset is reportedly on ...

  • Ymir: new stealthy ransomware in the wild

    November 11, 2024

    In a recent incident response case, Kaspersky researchers discovered a new and notable ransomware family in active use by the attackers, which they named “Ymir”. The artifact has interesting features for evading detection, including a large set of operations performed in memory with the help of the malloc, memmove and memcmp function calls. In the case ...