On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bridgestone Americas confirms ransomware attack, LockBit leaks data
March 11, 2022
A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours. Bridgestone has tens of production units across ...
- NetWalker ransomware affiliate extradited to the US for further charges
March 11, 2022
The NetWalker ransomware gang affiliate who was sentenced to seven years in prison by Canadian courts at the end of January was extradited to the United States on Wednesday, where he will face further charges related to his participation in the gang. Sebastien Vachon-Desjardins, a Canadian citizen, received the Canadian prison sentence after he pleaded guilty ...
- Corporate website contact forms used to spread BazarBackdoor malware
March 10, 2022
The stealthy BazarBackdoor malware is now being spread via website contact forms rather than typical phishing emails to evade detection by security software. BazarBackdoor is a stealthy backdoor malware created by the TrickBot group and is now under development by the Conti ransomware operation. This malware provides threat actors remote access to an internal device that ...
- Latin e-commerce giant Mercado Libre hacked
March 10, 2022
Latin American e-commerce company Mercado Libre had its systems hacked in an incident that exposed information related to 300,000 users of the platform. The NASDAQ-listed company disclosed the incident in an 8-K filing to the US Securities and Exchange Commission, noting that part of its source code had been subject to unauthorized access, exposing user data. The ...
- Dirty Pipe Privilege Escalation Vulnerability in Linux
March 10, 2022
CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later. Read more… Source: U.S. ...
- Millions of APC Smart-UPS devices vulnerable to TLStorm
March 9, 2022
If you’re managing a smart model from ubiquitous uninterrupted power supply (UPS) device brand APC, you need to apply updates now – a set of three critical zero-day vulnerabilities are making Smart-UPS devices a possible entry point for network infiltration. The vulnerabilities, dubbed “TLStorm” were found in Schneider Electric’s APC Smart-UPS products by security firm Armis, ...