On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Increasing transparency in AI security
October 26, 2023
New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. Building AI securely is a paramount concern, and we believe that Google’s Secure AI Framework (SAIF) can help chart a path for creating AI applications that users can trust. Today, we’re highlighting two new ways to make information about AI supply ...
- ‘iLeakage’ Attack Can Force Apple Safari To Reveal Passwords
October 26, 2023
A group of academic researchers has developed a speculative execution attack named “iLeakage” that can extract sensitive data, such as passwords and emails, on recent Apple devices via the Safari web browser. iLeakage has been developed by a team of academics from Georgia Tech, the University of Michigan, and Ruhr University Bochum after extensive examination of ...
- Kansas court system down nearly 2 weeks in `security incident’ that has hallmarks of ransomware
October 26, 2023
Kansas officials are calling a massive computer outage that’s kept most of the state’s courts offline for two weeks a “security incident” and, while they have provided no explanation, experts say it has all the hallmarks of a ransomware attack. The disruption has left attorneys unable to search online records and forced them to file motions ...
- China crackdown on cyber scams in Southeast Asia nets thousands but leaves networks intact
October 26, 2023
Zhang Hongliang, a former restaurant manager in central China, took various gigs in and outside China to support his family after losing his job during the COVID-19 pandemic. In March, a job offer to teach Chinese cooking at a restaurant led him into a cyber scam compound in Myanmar, where he was instead ordered to ...
- FBI: Threats Associated with the Israel-HAMAS Conflict
October 26, 2023
The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) are issuing this Public Service Announcement to highlight potential threats in the United States from a variety of actors in response to the HAMAS attacks on Israel on 7 October and subsequent activities in the region, including additional calls by foreign terrorist organizations ...
- StripedFly: Perennially flying under the radar
October 26, 2023
It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, ...