New WinRAR Zero-Day (CVE-2025-8088) Exploited by Russian Cybercrime Groups

A critical zero-day vulnerability in the widely used WinRAR file compressor, now identified as CVE-2025-8088, is under active exploitation by at least two Russian cybercrime organizations. Security firm ESET initially detected these sophisticated attacks on July 18, leading to the rapid discovery and subsequent patching of the flaw on July 30.
The attacks leverage malicious archives distributed via phishing messages, some of which are highly personalized. Upon opening, these archives exploit a previously unknown path traversal flaw to plant malicious executables in normally restricted Windows directories, effectively backdooring the victim’s computer. ESET attributes one wave of attacks to RomCom, a financially motivated group known for its advanced tradecraft and willingness to invest in zero-day exploits. Interestingly, Russian security firm Bi.ZONE also identified another group, Paper Werewolf (also known as GOFFEE), exploiting the same vulnerability, indicating a broad and coordinated threat landscape.
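The attack depends on an archive entry whose name escapes the extraction directory. As an added defensive example (not code from ESET, Bi.ZONE, or WinRAR, and not a description of the specific CVE-2025-8088 trigger, which the report above does not detail), the check below audits archive entry names for path traversal before extraction, using ntpath so the Windows rules apply on any host; the entry names and the destination directory are constructed samples.

```python
import ntpath

# Constructed sample entry names (not taken from the report above) modelling
# how an archive entry could try to land outside the extraction directory.
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs\\readme.txt",
    "..\\..\\..\\Users\\Public\\dropper.exe",  # relative escape via ".."
    "C:\\Windows\\Temp\\dropper.exe",          # absolute path with drive letter
    "\\\\server\\share\\dropper.exe",          # UNC path
    "docs\\..\\..\\escape.exe",                # ".." hidden mid-path
    "sub/../../escape.exe",                    # forward slashes normalise the same way
]


def entry_escapes(dest_dir: str, entry_name: str) -> bool:
    """Return True if extracting entry_name under dest_dir would write outside it.

    dest_dir is expected to be an absolute Windows path. Absolute entries,
    drive letters and UNC names are rejected outright; otherwise the joined
    path is normalised (collapsing '..') and must stay below dest_dir.
    """
    # Archive formats commonly allow '/' as a separator; treat both the same.
    name = entry_name.replace("/", "\\")
    if ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return True
    root = ntpath.normcase(ntpath.normpath(dest_dir))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
    # commonpath raises ValueError when the paths are on different drives.
    try:
        return ntpath.commonpath([root, target]) != root
    except ValueError:
        return True


def audit_entries(dest_dir: str, entries) -> list[str]:
    """Return the entry names that must not be extracted into dest_dir."""
    return [e for e in entries if entry_escapes(dest_dir, e)]


if __name__ == "__main__":
    for bad in audit_entries("C:\\extract", SAMPLE_ENTRIES):
        print("blocked:", bad)
```

Any extractor that resolves entry names the same way as the normalisation above blocks these cases; a flaw that bypasses the name check through another mechanism would need its own test.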