WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Every tenth Russian faced cybercriminals in 2023 – Bank of Russia

    February 7, 2024

    Every tenth Russian respondent experienced cybercrime, with losses not exceeding 20,000 rubles (around $220), according to the published results of a survey conducted by the Bank of Russia in 2023. “Last year, there were more people who faced cybercriminals, with every tenth person becoming a victim. Typically, the loss was less than 20,000 rubles. Victims usually ...

  • Known ransomware attacks up 68% in 2023

    February 6, 2024

    Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the ...

  • Iran accelerates cyber ops against Israel from chaotic start

    February 6, 2024

    Since Hamas attacked Israel in October 2023, Iranian government-aligned actors have launched a series of cyberattacks and influence operations (IO) intended to help the Hamas cause and weaken Israel and its political allies and business partners. Many of Iran’s immediate operations after October 7 were hasty and chaotic – indicating it had little or no coordination ...

  • AnyDesk confirms cyber attack, revokes certificates as hackers infiltrate systems

    February 5, 2024

    AnyDesk has confirmed it suffered a cyberattack in which hackers were able to compromise its production systems. In a press release published on the company’s website, the remote access provider said it spotted the attack after seeing “indications of an incident” in some of its systems. Subsequent investigation uncovered compromise in the company’s production systems, it ...

  • Python Info-stealer Distributed by Malicious Excel Document

    February 5, 2024

    In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer. From the fingerprints in this attack, it is related to a Vietnamese-based group that was first reported on in August 2023 and again in September. The attack stages before the info-stealer are simple downloaders that increase the difficulty of detection. This article introduces each stage ...

  • South Korea: KF-21 Fighter Jet Technology Leak Attempt Raises Concerns Over Diplomatic Tensions

    February 5, 2024

    An Indonesian technician working for Korea Aerospace Industries (KAI) was caught trying to leak internal documents related to the Korean supersonic fighter jet KF-21 ‘Boramae.’ While no core technology leaks have been confirmed yet, it is known that the individual attempted to extract a substantial amount of data. According to the Defense Acquisition Program Administration and ...