
Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada


WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies.

A Russian threat group has been observed exploiting a WinRAR zero-day vulnerability as part of a cyberespionage campaign aimed at organizations in Europe and Canada.

The zero-day is tracked as CVE-2025-8088 and has been described as a path traversal flaw involving the use of alternate data streams. It allows an attacker to create specially crafted archives that cause WinRAR to extract files to a path defined by the attacker rather than the path specified by the user.

Cybersecurity firm ESET discovered the attacks and reported the vulnerability to WinRAR developers. The security hole was patched with an update released on July 30 — a beta version containing the fix was made available on July 25, just one day after ESET’s notification.

According to ESET, the attacks involving CVE-2025-8088 were ...


Copyright of this story solely belongs to SecurityWeek.