On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Nokia subsidiary discloses data breach after Conti ransomware attack
August 23, 2021
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. Read more… Source: ...
- Attackers Actively Exploiting Realtek SDK Flaws
August 23, 2021
Threat actors zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software developers kits (SDK) deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector Research Lab. It took about 48 hours for attackers to start trying to ...
- LockFile ransomware uses PetitPotam attack to hijack Windows domains
August 20, 2021
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in ...
- Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action
August 19, 2021
Ransomware is one of the biggest cybersecurity threats to businesses today, and cyber criminals can potentially make millions of dollars in Bitcoin for a single successful attack. This lure of quickly making large sums of money is attracting interest from across the cyber-criminal spectrum, from sophisticated gangs specialising in ransomware attacks, to affiliate schemes where wannabe ...
- Diavol ransomware sample shows stronger connection to TrickBot gang
August 18, 2021
A new analysis of a Diavol ransomware sample shows a more clear connection with the gang behind the TrickBot botnet and the evolution of the malware. The recent research is the second one that finds common ground in the code of the two threats, tying them to the same actor. Previous analysis of Diavol (Romanian for Devil) ...
- The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?
August 18, 2021
No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence ...