On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Blackwood APT Group Has a New DLL Loader
January 29, 2024
This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt to install a backdoor for communications monitoring and diversion. It has evasive capabilities and, as of this writing, is targeting companies and ...
- Hacked Microsoft test account was assigned admin privileges
January 27, 2024
The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company’s part, a researcher said. The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. ...
- The dangers of unused bank accounts and how to close them
January 26, 2024
If you’re like most people, you’ve likely got at least a few unused bank accounts floating around. However, there may be financial and security dangers associated with keeping these unused bank accounts active. Security risks of unused bank accounts Fraud exposure: Unused bank accounts can become targets for fraud. Closing these accounts minimizes the risk. Avoidance of fees: ...
- Albabat ransomware
January 26, 2024
Albabat, also known as White Bat, is a financially motivated ransomware variant written in Rust that identifies and encrypts files important to the user and demands a ransom to release them. It first appeared in November 2023 with the variant Version 0.1.0. Version 0.3.0 was released in late December, followed by version 0.3.3 in mid-January 2024. ...
- UK councils remain downed by cyberattack
January 26, 2024
Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline. The councils for Canterbury, Dover, and Thanet — all of which are based in the U.K. county of Kent and have a combined population of almost 500,000 residents — said ...
- Satellites and the specter of IoT attacks
January 26, 2024
In the vast expanse of space, satellites orbit silently, serving as the connected backbone of our modern world. A fast-proliferating network of satellites forms the critical infrastructure that supports global communication, navigation, weather forecasting, defensive operations and more. Today’s global space economy is huge, forecasted to total more than $600 billion annually in 2024. Internet of ...

