Tag

CVE-2025-8088

All articles tagged with #cve 2025 8088

Amaranth-Dragon weaponizes WinRAR flaw for Southeast Asian espionage campaigns
security · 21 days ago

Check Point Research ties Amaranth-Dragon to APT-41, detailing 2025 campaigns across Southeast Asia that targeted government and law-enforcement entities and weaponized the WinRAR CVE-2025-8088 flaw to drop and execute malicious payloads via crafted archives. The operations use the Amaranth Loader to deploy Havoc C2 and, later, the TGAmaranth RAT with a Telegram-based C2 and geo-restricted infrastructure, plus anti-EDR techniques. The attacks show how quickly new vulnerabilities are exploited and underline the need for prompt patching, awareness of phishing and weaponized archives, and defense-in-depth for regional governments and critical services.

WinRAR CVE-2025-8088 Seized by State and Criminal Actors After Patch
technology · 28 days ago

Google's Threat Intelligence Group reports active exploitation of WinRAR CVE-2025-8088 by both state-backed and financially motivated actors, even after a patch was released (WinRAR 7.13, July 30, 2025). The flaw is used for initial access via a path-traversal technique that drops a malicious LNK into the Windows Startup folder through an alternate data stream (ADS). Campaigns are tied to RomCom/UNC4895, UNC2596 (Cuba ransomware), Sandworm, Gamaredon, Turla, and a China-based actor delivering Poison Ivy, with payloads including SnipBot, AsyncRAT, XWorm, and even browser extensions aimed at Brazilian banking sites. The widespread activity points to an active underground market for exploits and persistent defense gaps; a separate flaw, CVE-2025-6218, is also being exploited by multiple groups.

WinRAR ADS path-traversal flaw drives ongoing global intrusions
security · 29 days ago

Security researchers warn that WinRAR CVE-2025-8088, a high-severity path-traversal flaw abusing Alternate Data Streams to drop payloads, remains actively exploited by both state-backed groups and financially motivated criminals. The exploit chain hides malicious ADS inside decoy files and uses directory traversal to drop LNK/HTA/BAT/CMD payloads that execute on login. Actors such as RomCom/UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked groups have used it for espionage and malware delivery, while criminals distribute RATs and info-stealers, with exploits marketed by underground actors. The activity underscores exploit commoditization and emphasizes the need to patch WinRAR promptly to mitigate ongoing risk.

Russian Hackers Exploit WinRAR Zero-Day to Spread RomCom Malware
cybersecurity · 6 months ago

Russia-linked attackers exploited a high-severity WinRAR vulnerability (CVE-2025-8088) before it was patched, using targeted spearphishing campaigns against European and Canadian companies. The vulnerability involves a path-traversal flaw that was exploited via malicious archives containing ADSes, leading to malware deployment and backdoors like Mythic, SnipBot, and RustyClaw. Multiple threat groups, including RomCom and Paper Werewolf, have used this zero-day in targeted attacks, highlighting the importance of timely updates and vigilance.

WinRAR Zero-Day Exploits Lead to Widespread Malware Attacks
technology · 6 months ago

Researchers revealed that the Russian RomCom hacking group exploited a previously unknown WinRAR path traversal vulnerability (CVE-2025-8088) in July 2025 to deliver malware via malicious archives, leading to the release of a patch by WinRAR. The attack involved hiding malicious files in alternate data streams and executing malware upon archive extraction, with multiple malware families identified. Users are advised to update WinRAR manually as it lacks an auto-update feature.

Urgent: WinRAR Zero-Day Exploits Enable Malware and Phishing Attacks
security · 6 months ago

WinRAR has released version 7.13 to fix a critical zero-day vulnerability (CVE-2025-8088), actively exploited in the wild, that could allow attackers to execute arbitrary code through malicious archive files. The vulnerability, a path-traversal flaw, has been linked to recent attacks by threat groups such as Paper Werewolf targeting Russian organizations via phishing. Users are urged to update to the latest version immediately to mitigate the risk.

Critical WinRAR Vulnerability Used in Malware and Phishing Attacks
technology · 6 months ago

A critical security vulnerability in WinRAR for Windows (CVE-2025-8088) allows attackers to craft malicious archive files that place malware in system folders, including startup directories, so that the malicious code runs automatically at startup. The flaw has been exploited in phishing campaigns by the RomCom cyber-espionage group. Users are urged to update manually to WinRAR version 7.13 Final to patch the vulnerability.