Particle.news


WinRAR Patch Fails to Stem Spread of Critical Zero-Day Exploit

WinRAR does not update itself, so installations that have not been manually upgraded to 7.13 remain exposed to a high-severity path-traversal flaw; ESET has published indicators of compromise for the in-the-wild exploitation.

[Image: WinRAR zero-day CVE-2025-8088 exploited by RomCom]

Overview

  • On July 30, RARLAB released WinRAR 7.13 to fix CVE-2025-8088, a path-traversal vulnerability in which the name of an NTFS Alternate Data Stream attached to an archive entry carries `..\` sequences, so the stream's contents are written outside the directory the user chose for extraction. The Windows builds of WinRAR, RAR, UnRAR, the portable UnRAR source and UnRAR.dll are affected; the Unix and Android versions are not.
  • ESET's August 11 report details three targeted spearphishing chains by Russia-aligned RomCom. Each malicious RAR archive paired a decoy document with hidden streams that dropped a DLL into a user-writable folder and a LNK into a Startup directory to launch it at next logon, delivering the Mythic Agent, SnipBot and MeltingClaw backdoors.
  • Russian cybersecurity firm BI.ZONE and other researchers report parallel exploitation by the Paper Werewolf group and cite advertisements for working WinRAR exploits on underground forums.
  • ESET reported that none of the targets it observed in the RomCom campaign appear to have been compromised, but public disclosure of the flaw raises the likelihood of broader exploitation by additional actors.
  • Organizations are urged to update to WinRAR 7.13 by hand, since WinRAR has no auto-update mechanism, to check third-party software that bundles its own copy of UnRAR.dll, and to apply the published IOCs to hunt for DLLs and LNK files dropped into temporary folders and Startup directories.
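The two checks a practitioner wants from the bullets above, written here as an added PowerShell example (not tooling from ESET, BI.ZONE or RARLAB): a pre-extraction triage of a suspect archive, and a post-extraction hunt over the drop locations named in the reporting. The triage relies on RAR5 headers, including ADS names, being stored in cleartext unless the archive was created with header encryption, so literal `..\` traversal markers can be spotted without extracting; a match in compressed data is possible by chance, so treat it as a signal, not proof. Function names, the 14-day lookback and the sample paths in the usage comment are assumptions.

```powershell
# Added triage helpers for CVE-2025-8088 (not vendor or ESET code; assumptions noted inline).

function Read-RarVint {
    # RAR5 variable-length integer: 7 data bits per byte, high bit set means "more bytes follow".
    param([byte[]]$Bytes, [int]$Offset)
    $value = [uint64]0; $shift = 0
    while ($Offset -lt $Bytes.Length) {
        $b = $Bytes[$Offset]; $Offset++
        $value = $value -bor ([uint64]($b -band 0x7F) -shl $shift)
        if (($b -band 0x80) -eq 0) { break }
        $shift += 7
    }
    return @{ Value = $value; Next = $Offset }
}

function Test-RarTraversalMarkers {
    # Scan a RAR archive's raw bytes for ADS-style path-traversal markers before extracting it.
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # Latin-1 maps every byte to exactly one char, so string offsets equal byte offsets.
    $text  = [System.Text.Encoding]::GetEncoding(28591).GetString($bytes)

    $sig5   = 'Rar!' + [char]0x1A + [char]0x07 + [char]0x01 + [char]0x00
    $isRar5 = $text.StartsWith($sig5)

    # Header-encrypted archives (-hp) put an encryption header (type 4) right after the
    # 8-byte signature; their entry and stream names are not inspectable this way.
    $encryptedHeaders = $false
    if ($isRar5 -and $bytes.Length -gt 12) {
        $size = Read-RarVint -Bytes $bytes -Offset 12      # skip signature + 4-byte header CRC32
        $type = Read-RarVint -Bytes $bytes -Offset $size.Next
        $encryptedHeaders = ($type.Value -eq 4)
    }

    # ADS names that escape the extraction directory look like ":..\..\..\<target>".
    # Capture the marker plus up to 160 printable chars of context (the intended drop path).
    $pattern = '(?::)?(?:\.\.[\\/]){2,}[\x20-\x7E]{0,160}'
    $hits = [regex]::Matches($text, $pattern) | ForEach-Object {
        [pscustomobject]@{ Offset = $_.Index; Marker = $_.Value }
    }

    [pscustomobject]@{
        Path             = $Path
        IsRar5           = $isRar5
        EncryptedHeaders = $encryptedHeaders
        TraversalHits    = @($hits)
        Suspicious       = ($hits.Count -gt 0)
    }
}

function Find-ExtractionArtifacts {
    # Hunt Startup folders and %TEMP% (plus any extra roots) for recently created LNK/DLL/EXE
    # files and list any non-default alternate data streams on them.
    param([int]$LookbackDays = 14, [string[]]$ExtraPaths = @())

    $cutoff = (Get-Date).AddDays(-$LookbackDays)
    $roots  = @(
        [Environment]::GetFolderPath('Startup'),         # per-user Startup
        [Environment]::GetFolderPath('CommonStartup'),   # all-users Startup
        $env:TEMP
    ) + $ExtraPaths | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.lnk', '.dll', '.exe' -and $_.CreationTime -ge $cutoff } |
            ForEach-Object {
                $streams = Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                           Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' }
                [pscustomobject]@{
                    Path         = $_.FullName
                    Created      = $_.CreationTime
                    Size         = $_.Length
                    SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    ExtraStreams = (@($streams.Stream) -join ',')
                }
            }
    }
}

# Usage (assumed paths):
#   Test-RarTraversalMarkers -Path 'C:\Users\Public\Downloads\suspect.rar' | Format-List
#   Find-ExtractionArtifacts -LookbackDays 7 -ExtraPaths $env:LOCALAPPDATA | Format-Table -AutoSize
```

Compare the SHA256 values from `Find-ExtractionArtifacts` against the published IOC hashes, and treat any LNK in a Startup folder whose target points at a DLL or executable under `%TEMP%` or `%LOCALAPPDATA%` as a priority for review. An archive that reports `EncryptedHeaders = True` should be extracted only with WinRAR 7.13 or later, since the triage cannot see inside it.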