A zero-day in WinRAR (CVE-2025-8088), a path traversal through NTFS alternate data streams, is being actively exploited by the Russia-aligned RomCom group in spearphishing campaigns against enterprises in Europe and Canada. The fix shipped in WinRAR 7.13, but WinRAR does not update itself, so every install has to be upgraded by hand; pair the upgrade with monitoring for the persistence artifacts below. #WinRAR #RomCom #CVE20258088
Key points
- CVE-2025-8088 is a path traversal: the crafted RAR archive contains NTFS alternate data stream entries (file:stream) whose stream names carry "..\" segments, so extraction writes files outside the directory the user chose while the visible decoy file looks harmless.
- RomCom has used multiple zero-days in recent years to target industries like finance, defense, and manufacturing across Europe and Canada.
- The hidden entries drop a shortcut (.lnk) into the user's Startup folder and DLLs into user-writable profile folders, so the payload runs at the next logon; the DLLs are loaded through COM hijacking (per-user CLSID overrides in the registry).
- win.rar GmbH released a fixed build (WinRAR 7.13) quickly, but there is no auto-update, so inventory and upgrade every installation; complement patching with behavioural monitoring for new Startup .lnk files and HKCU CLSID changes.
- Organizations should treat job-application and résumé archives from unknown senders with suspicion, scan archive listings for stream names containing path separators or "..", and share indicators so that other teams can detect the same campaign.
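To make the traversal mechanism concrete, here is an added example (not code from the article, from WinRAR, or from ESET's analysis) that models in Python how an extractor's path check can be bypassed by an alternate data stream name. The archive listing, the extraction root and the entry names are constructed for illustration; the "naive" check is a hypothetical model of an extractor that validates only the file name before the colon, not a reproduction of WinRAR's code. Win32 path normalisation resolves ".." textually and does not know that the colon started a stream name, so "Resume.pdf:.." is a single component that the first ".." consumes, and the remaining ones climb out of the extraction directory; ntpath.normpath reproduces that textual rule on any platform.

```python
import ntpath

# Constructed extraction root and archive listing (not from a real sample).
EXTRACT_ROOT = r"C:\Users\victim\Downloads\job"
SAMPLE_ENTRIES = [
    r"Resume.pdf",
    r"Resume.pdf:Zone.Identifier",
    # stream name with four "..\" segments: lands in the user's Startup folder
    r"Resume.pdf:..\..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk",
    # same trick, DLL into a user-writable location for a later COM hijack
    r"Resume.pdf:..\..\..\..\AppData\Local\Temp\msedge.dll",
    # classic traversal without ADS, which a plain check already catches
    r"..\..\Windows\System32\evil.dll",
    r"docs\cover-letter.txt",
]


def os_target_path(root, entry):
    """Model of the path the OS opens when an extractor hands it
    root + '\\' + entry unchanged: '..' is resolved textually across the
    colon, because to Win32 'Resume.pdf:..' is just another component."""
    return ntpath.normpath(ntpath.join(root, entry))


def _inside(root, path):
    """True if the normalised path lies under root (case-insensitive)."""
    root_n = ntpath.normcase(ntpath.normpath(root)).rstrip("\\") + "\\"
    return ntpath.normcase(path).startswith(root_n)


def naive_is_safe(root, entry):
    """Hypothetical flawed check: only the file-name part before the colon
    is validated; the stream name is trusted and never looked at."""
    file_part = entry.partition(":")[0]
    return _inside(root, ntpath.normpath(ntpath.join(root, file_part)))


def hardened_is_safe(root, entry):
    """Hardened check: reject absolute paths and drive letters, reject any
    stream name containing a separator, a colon or '..', and require the
    whole entry (stream included) to normalise to a path under root."""
    if entry.startswith(("\\", "/")) or ntpath.splitdrive(entry)[0]:
        return False
    _file_part, has_ads, stream = entry.partition(":")
    if has_ads and (not stream or ".." in stream or set(stream) & set("\\/:")):
        return False
    return _inside(root, os_target_path(root, entry))


def audit(root, entries):
    """Return (entry, naive_verdict, hardened_verdict, os_target) per entry;
    rows where naive is True and hardened is False are the ADS bypasses."""
    return [
        (e, naive_is_safe(root, e), hardened_is_safe(root, e), os_target_path(root, e))
        for e in entries
    ]


def ads_bypasses(root, entries):
    """Entries the naive check accepts but the hardened check rejects."""
    return [row[0] for row in audit(root, entries) if row[1] and not row[2]]


if __name__ == "__main__":
    for entry, naive, hardened, target in audit(EXTRACT_ROOT, SAMPLE_ENTRIES):
        print(f"naive={naive!s:5} hardened={hardened!s:5} {entry}\n      -> {target}")
```

The audit rows where the naive verdict is True and the hardened one is False are exactly the entries that would have escaped the extraction directory through the stream name; the same filter, applied to the listing from an archive tool, is a cheap triage step for suspicious job-application attachments.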
Read More: https://thecyberexpress.com/new-zero-day-in-winrar-abused-by-romcom/