On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
August 25, 2022
In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry of Intelligence and Security (MOIS). While MERCURY ...
- Kimsuky’s GoldDragon cluster and its C2 operations
August 25, 2022
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, Kaspersky researchers observed this group was attacking the media and a think-tank in South Korea and reported technical details ...
- LastPass developer systems hacked to steal source code
August 25, 2022
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company’s source code and proprietary technical information. The disclosure comes after BleepingComputer learned of the breach from insiders last week and reached out to the company on August 21st without receiving a response to our questions. Sources told BleepingComputer that employees were ...
- CISA: Preparing Critical Infrastructure for Post-Quantum Cryptography
August 24, 2022
Nation-states and private companies are actively pursuing the capabilities of quantum computers. Quantum computing opens up exciting new possibilities; however, the consequences of this new technology include threats to the current cryptographic standards. These standards ensure data confidentiality and integrity and support key elements of network security. While quantum computing technology capable of breaking public ...
- Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
August 24, 2022
There have already been reports on code-signed rootkits like Netfilter, FiveSys, and Fire Chili. These rootkits are usually signed with stolen certificates or are falsely validated. However, when a legitimate driver is used as a rootkit, that’s a different story. Such is the case of mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game ...
- New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks
August 23, 2022
A new data extortion group named ‘Donut Leaks’ is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Two victims disclosed these attacks without much information regarding who was involved. Over the weekend, DESFA confirmed they suffered a cyberattack after Ragnar Locker leaked screenshots ...