On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Four Industrial Control Systems Advisories
January 17, 2023
CISA released four Industrial Control Systems (ICS) advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-017-01 GE Proficy Historian ICSA-23-017-02 Mitsubishi Electric MELSEC iQ-F, iQ-R Series Read more… Source: U.S. Cybersecurity and ...
- Hackers can use GitHub Codespaces to host and deliver malware
January 17, 2023
Researchers have demonstrated how threat actors can abuse the GitHub Codespaces’ port forwarding’ feature to host and distribute malware and malicious scripts. GitHub Codespaces allows developers to deploy cloud-hosted IDE platforms in virtualized containers to write, edit, and test/run code directly within a web browser. Read more… Source: Bleeping Computer
- Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
January 17, 2023
While threat hunting, Trend Micro researchers found an active campaign using Middle Eastern geopolitical themes as a lure to target potential victims in the Middle East and Africa. In this campaign researchers have labeled Earth Bogle, the threat actor uses public cloud storage services such as files.fm and failiem.lv to host malware, while compromised web ...
- Hackers exploit Cacti critical bug to install malware, open reverse shells
January 15, 2023
More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit. Cacti is an operational and fault management monitoring solution for network devices that also provides graphical visualization. There are thousands of instances deployed across the world exposed on ...
- Ransomware has now become a problem for everyone, and not just tech
January 15, 2023
It’s a new year, a time when many people look to turnover a new leaf and make some positive changes. Sadly, not everyone. In particular, it seems that ransomware gangs show no signs of letting up on their criminal activity in 2023. Then again, why would they? Read more… Source: ZDNet
- CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session
January 14, 2023
Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier this month, CircleCi disclosed that they suffered a security incident and warned customers to rotate their tokens and secrets. data thIn a new security incident report on the attack, CircleCi ...