A new WinRAR vulnerability, CVE-2025-8088, was exploited in zero-day phishing attacks to deliver RomCom malware, a Russia-linked hacking group. Users are advised to update their WinRAR software immediately to prevent remote code execution and malware infection. #WinRAR #RomCom #CVE-2025-8088
Keypoints
- The vulnerability allows specially crafted archives to extract files into attacker-controlled paths like the Windows Startup folder.
- The flaw was exploited in phishing emails with malicious RAR attachments to deliver RomCom backdoors.
- RomCom is a Russian hacking group known for ransomware, credential theft, and zero-day exploitation.
- The flaw was fixed in WinRAR 7.13, but users must manually update to stay protected.
- ESET is investigating the attacks and will publish a detailed report shortly.