Russian Hackers Exploit WinRAR Zero-Day to Spread RomCom Malware

TL;DR Summary
Russia-aligned attackers exploited a high-severity WinRAR vulnerability, CVE-2025-8088, as a zero-day in spearphishing campaigns against companies in Europe and Canada. The bug is a path-traversal flaw: a crafted archive carries NTFS alternate data streams (ADS) whose names climb out of the extraction directory, so simply extracting the archive writes attacker-chosen files elsewhere on disk and leads to malware deployment, including the Mythic agent, SnipBot and RustyClaw backdoors. At least two groups, RomCom and Paper Werewolf, used the zero-day in targeted attacks. WinRAR has no auto-update mechanism, so the fixed release (WinRAR 7.13) has to be installed by hand, which is why prompt updating and vigilance against unexpected archives matter here.
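The kind of check a practitioner would want against this bug class, as an added example that is neither the article's nor WinRAR's code: it treats each archive entry as `file:stream` (a simplification of how RAR5 records an NTFS stream) and flags any entry whose file name or ADS name would escape the extraction directory or land in a Startup folder. The function names, the Startup-folder heuristic and the sample entries are assumptions constructed for the example.

```python
"""
Added example, not code from the article or from WinRAR: a defensive check an
extractor or a triage script can run over every archive entry, including the
name of any NTFS alternate data stream (ADS) attached to it, before touching
disk.  Entry layout is simplified to "file:stream" (hypothetical).
"""
import ntpath
from typing import Dict, List, Optional, Tuple

# Heuristic (assumption): a stream name pointing into a Startup folder means
# the dropped file would auto-run at next logon.
STARTUP_HINT = "start menu/programs/startup"


def _components(path: str) -> List[str]:
    """Split on both separators; WinRAR runs on Windows, archives may use either."""
    return [c for c in path.replace("\\", "/").split("/") if c not in ("", ".")]


def is_unsafe_path(path: str) -> bool:
    """True if `path` is absolute, carries a drive/UNC prefix, or contains '..'.

    Deliberately conservative: any '..' component is rejected, even one that
    would resolve back inside the destination.
    """
    drive, rest = ntpath.splitdrive(path)
    if drive or rest.startswith(("\\", "/")):
        return True
    return ".." in _components(rest)


def split_ads(entry: str) -> Tuple[str, Optional[str]]:
    """Split 'file.txt:stream' into (file, stream); a drive letter is not an ADS."""
    drive, rest = ntpath.splitdrive(entry)
    if ":" in rest:
        base, stream = rest.split(":", 1)
        return drive + base, stream
    return entry, None


def check_entry(entry: str) -> List[str]:
    """Return findings for one entry; an empty list means it looks safe to extract."""
    findings: List[str] = []
    base, stream = split_ads(entry)
    if is_unsafe_path(base):
        findings.append(f"path traversal in entry name: {base!r}")
    if stream is not None:
        if is_unsafe_path(stream):
            findings.append(f"path traversal in ADS name: {stream!r}")
        if STARTUP_HINT in stream.replace("\\", "/").lower():
            findings.append("ADS targets a Startup folder (auto-run on next logon)")
    return findings


def scan_archive_entries(entries: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    return {e: f for e in entries if (f := check_entry(e))}


# Constructed sample entries (not real samples).  The third mimics a lure
# document carrying an ADS whose name climbs into the user's Startup folder.
SAMPLE_ENTRIES = [
    "Resume.pdf",
    "docs/cover letter.docx",
    "Resume.pdf:..\\..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Start Menu\\Programs\\Startup\\Updater.lnk",
    "..\\..\\evil.exe",
    "C:\\Users\\Public\\x.exe",
]

if __name__ == "__main__":
    for entry, findings in scan_archive_entries(SAMPLE_ENTRIES).items():
        print(entry)
        for finding in findings:
            print("  -", finding)
```

The check rejects rather than normalizes: an extractor that only sanitizes the main file name while writing ADS names verbatim is exactly the gap this class of bug exploits, so the same rule is applied to both halves of the entry.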
- Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks theregister.com
- Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability WeLiveSecurity
- WinRAR zero-day exploited to plant malware on archive extraction BleepingComputer
- Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada SecurityWeek
- WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware Hack Read