High-Severity WinRAR 0-Day Exploited for Weeks by 2 Groups

EUROPE AND CANADA, AUG 11 – RomCom used malicious RAR archives in spearphishing campaigns to deploy backdoors and malware for espionage against European and Canadian firms, with no successful compromises reported.

  • On July 18, 2025, the Russian-aligned group RomCom exploited a zero-day path traversal vulnerability, CVE-2025-8088, in WinRAR to target companies in Europe and Canada via spearphishing campaigns.
  • ESET researchers discovered the vulnerability after identifying malicious RAR archives that used alternate data streams to deploy backdoors including SnipBot, RustyClaw, and Mythic agent, prompting a patch release on July 30, 2025.
  • The archives dropped malicious LNK and DLL files, placing the shortcuts in the Windows Startup folder to maintain persistence; the malware only activates when the system's domain matches a predefined target value embedded in its code.
  • RomCom's phishing emails posed as job applications, and reconnaissance confirmed highly targeted activity: roughly a dozen potential victims, but no confirmed compromises. Another threat actor, 'Paper Werewolf', also exploited the flaw.
  • WinRAR lacks an auto-update feature, so users must manually install version 7.13 to mitigate the vulnerability, but public disclosure raises the risk of wider exploitation by other actors in future attacks.
Insights by Ground AI
The vulnerability CVE-2025-8088 in WinRAR is being actively exploited by Russian attackers from the RomCom group. Using fake CVs, they install malware to spy on companies in Europe and Canada.

Help Net Security broke the news on Monday, August 11, 2025.