Particle.news

Russia-Linked Hackers Continue Exploiting WinRAR Zero-Day, Manual Patch Required

Security teams say only a manual update to version 7.13 will close the path traversal hole being weaponized in RomCom phishing attacks.

WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware

Overview

  • CVE-2025-8088 is a directory traversal flaw in WinRAR for Windows, affecting version 7.12 and earlier; it was patched in version 7.13, released July 31.
  • ESET researchers have documented active RomCom campaigns using the zero-day in spear-phishing emails to deploy backdoor malware.
  • A crafted archive abuses the flaw to write files outside the chosen extraction directory, including into the Windows Startup folder, so the dropped executable runs automatically at the user's next login and gives the attacker code execution on the host without further interaction.
  • WinRAR has no auto-update mechanism, so users remain exposed until they manually download and install version 7.13 or later.
  • Analysis indicates other threat actors, including Paper Werewolf, may be leveraging similar directory traversal exploits against unpatched utilities.
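The two checks below are an added example, not code from the article, ESET or RARLAB. The first flags a WinRAR build as vulnerable when it is older than 7.13, the fix version named above. The second is the containment check any extractor should make on every archive entry name before writing it: the entry is joined to the extraction directory with Windows path rules (via `ntpath`, so it runs on any host) and rejected if the normalized result lands outside that directory, which is exactly how a traversal name reaches the Startup folder. The entry names, the extraction directory and the `:`-based rejection rule are constructed for illustration and are not payloads from the RomCom campaign.

```python
"""
Added example: version check and path-containment check around
CVE-2025-8088. Not the article's or RARLAB's code; sample inputs are
constructed for illustration.
"""
from __future__ import annotations

import ntpath
import re

FIXED_VERSION = (7, 13)  # first WinRAR release the article reports as patched

# Hypothetical extraction directory used by the demo below.
EXTRACT_DIR = r"C:\Users\alice\Downloads\extract"


def parse_version(text: str) -> tuple[int, int]:
    """Turn '7.12', '7.13 beta 1' or '6.24' into a comparable (major, minor) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised WinRAR version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)))


def is_vulnerable_winrar(version: str) -> bool:
    """True for 7.12 and earlier, the range the article reports as affected."""
    return parse_version(version) < FIXED_VERSION


def safe_extract_target(extract_dir: str, entry_name: str) -> str | None:
    """
    Return the absolute Windows path an archive entry would be written to,
    or None if that path would escape extract_dir.

    extract_dir must be an absolute Windows path. ntpath is used so that
    backslashes, drive letters and '..' are interpreted with Windows
    semantics regardless of the host this runs on.
    """
    # Absolute or drive-relative entry names never belong in an archive.
    drive, _ = ntpath.splitdrive(entry_name)
    if drive or entry_name.startswith(("\\", "/")):
        return None
    # Assumption for this example: a ':' in an entry name (alternate data
    # stream syntax) is treated as unsafe, since a stream name can itself
    # carry traversal components that a naive writer would honour.
    if ":" in entry_name:
        return None
    base = ntpath.normpath(extract_dir)
    target = ntpath.normpath(ntpath.join(base, entry_name))
    # Containment: target must be base itself or sit strictly below it.
    if target != base and not target.lower().startswith(base.lower() + "\\"):
        return None
    return target


def unsafe_entries(extract_dir: str, entry_names: list[str]) -> list[str]:
    """Names from an archive listing that would escape extract_dir."""
    return [n for n in entry_names if safe_extract_target(extract_dir, n) is None]


if __name__ == "__main__":
    # Constructed listing of a hypothetical crafted archive (not a real sample).
    listing = [
        r"invoice.pdf",
        r"docs\report.pdf",
        r"..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.exe",
        r"notes.txt:..\..\payload.dll",
    ]
    for name in listing:
        print(f"{name!r} -> {safe_extract_target(EXTRACT_DIR, name)}")
    print("unsafe:", unsafe_entries(EXTRACT_DIR, listing))
    for v in ("7.12", "7.13", "6.24"):
        print(f"WinRAR {v} vulnerable: {is_vulnerable_winrar(v)}")
```

The containment test compares against `base + "\\"` rather than a bare prefix so that a sibling directory such as `extract2` is not mistaken for a child of `extract`; the case-insensitive comparison mirrors NTFS defaults.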