New WinRAR Zero-Day (CVE-2025-8088) Exploited by Russian Cybercrime Groups
New WinRAR Zero-Day (CVE-2025-8088) Exploited by Russian Cybercrime Groups A critical zero-day vulnerability in the widely used WinRAR file compressor, now identified as CVE-2025-8088, is under active exploitation by at least two Russian cybercrime organizations. Security firm ESET initially detected these sophisticated attacks on July 18, leading to the rapid discovery and subsequent patching of the flaw on July 30. The attacks leverage malicious archives distributed via phishing messages, some of which are highly personalized. Upon opening, these archives exploit…