Russian Cybercrime Groups Exploit WinRAR Zero-Day

2025-08-12

Two Russian cybercrime groups are actively exploiting a high-severity zero-day vulnerability (CVE-2025-8088) in the widely used WinRAR file compressor. The attacks use phishing emails carrying malicious archives that, when opened, backdoor the victim's computer. The exploit abuses Windows alternate data streams to bypass restrictions and place malicious executables in the %TEMP% and %LOCALAPPDATA% directories. Security firms ESET and Bi.ZONE have attributed the exploitation to RomCom and to Paper Werewolf/GOFFEE respectively; the groups' use of a zero-day points to significant resources and technical capability. WinRAR has released a patch for the vulnerability.
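A defender triaging inbound archives can flag entry names that use alternate data streams or that resolve outside the extraction folder, the two traits the summary above describes. The checker below is an added example, not ESET's, Bi.ZONE's or WinRAR's code; the sample entry names are constructed for illustration and are not taken from the real exploit archives.

```python
import posixpath
import re

# Constructed sample of archive entry names, in the form a lister such as
# `unrar l` would print them. Illustrative only, not real CVE-2025-8088 samples.
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs/readme.txt",
    "invoice.pdf:payload.exe",                       # ADS attached to a benign-looking file
    "../../AppData/Local/Temp/x.exe",                # plain traversal out of the extraction dir
    "notes.txt:..\\..\\AppData\\Local\\Temp\\u.exe",  # ADS whose stream name traverses
]

# A colon anywhere in the name marks an ADS, unless it is only a drive-letter prefix.
ADS_RE = re.compile(r"^(?!\w:[\\/]).*:")


def escapes_root(path: str) -> bool:
    """True if the path would land outside the extraction directory."""
    norm = posixpath.normpath(path.replace("\\", "/"))
    if posixpath.isabs(norm) or re.match(r"^[A-Za-z]:", norm):
        return True
    return norm == ".." or norm.startswith("../")


def analyze_entry(name: str) -> list[str]:
    """Return the reasons an archive entry name is suspicious (empty if none)."""
    reasons = []
    if ADS_RE.search(name):
        reasons.append("alternate data stream in entry name")
    # Check both the base name and any stream name for traversal.
    if any(escapes_root(part) for part in name.split(":")):
        reasons.append("path escapes the extraction directory")
    return reasons


def triage(entries):
    """Map each suspicious entry name to its list of reasons."""
    flagged = {}
    for name in entries:
        reasons = analyze_entry(name)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

A clean entry list from a trusted listing tool is the input here; the check does not parse RAR headers itself, so run it on the archiver's own listing rather than on file names guessed from the email.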
