On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.
The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- REvil ransomware hits US nuclear weapons contractor
June 14, 2021
US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack. Sol Oriens describes itself as helping the “Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs.” However, job postings first ...
- Microsoft: SEO poisoning used to backdoor targets with malware
June 14, 2021
Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) capable of stealing the victims’ sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo), a .NET RAT that runs in memory and is used by ...
- Avaddon ransomware shuts down and releases decryption keys
June 11, 2021
The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com. This morning, BleepingComputer received an anonymous tip pretending to be from the FBI that contained a password and a link to a password-protected ZIP file. Read more… Source: Bleeping Computer
- Hackers can exploit bugs in Samsung pre-installed apps to spy on users
June 10, 2021
Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system. The bugs are part of a larger set discovered and reported responsibly by one security researcher through the company’s bug bounty program. Since the beginning of the year, Sergey Toshin – the ...
- JBS Paid $11M to REvil Gang Even After Restoring Operations
June 10, 2021
JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend. The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers, as ...
- Chrome Browser Bug Under Active Attack
June 10, 2021
Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome ...