On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Man convicted following complex two year cybercrime investigation by Police Scotland
May 15, 2024
A 21-year-old man from West Dunbartonshire has been convicted of creating, selling and supporting an online computer system with the capability of bringing down websites. Detective Chief Inspector Andy Maclean, of Police Scotland’s Cybercrime Investigations Unit, said: “Tagore supplied a tool used by his customers to carry out Distributed Denial of Services (DDOS) attacks. These are ...
- Santander hit by data breach affecting customers and staff
May 14, 2024
Spanish bank Santander has said data managed by an external party was recently accessed without permission, affecting some of its clients and all of its current staff. “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider,” the bank said in a statement on Tuesday. Read more… Source: MSN News Sign up ...
- Massive COMB data breach reveals info on over a billion people
May 14, 2024
Someone is combining information on Chinese citizens leaked in different data breaches into a single database, and has so far made more than 1.2 billion records. This compilation of many breaches (COMB) contains plenty of sensitive user information, including phone numbers, postal addresses, ID card numbers, and more. Researchers claim they spotted an unprotected database on ...
- Christie’s £670m art auctions hit by cyber attack
May 14, 2024
Auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m (£670m) are being hampered by a cyber attack. Lots ranging from a Vincent van Gogh painting, valued at $35m, to rare wine are going under the hammer in its spring auctions. Would-be buyers are unable to view them on its website ...
- Ireland: More than 470 legal proceedings issued against health service after ransomware hit
May 14, 2024
More than 470 legal proceedings have been issued against the Health Service Executive (HSE) in relation to a cyber attack that shutdown the health service’s IT systems and compromised the data of thousands of patients and staff three years ago. Conti, a Russia-based cybercrime group, launched its ransomware attack on the health service on May 14th, ...
- Update Chrome now! Google releases emergency security patch
May 14, 2024
Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google say is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close the browser ...

