
ESET researchers have identified a new zero-day vulnerability (CVE-2025-8088) in WinRAR, actively exploited by the Russia-aligned RomCom group through spearphishing campaigns. This path traversal flaw allows silent deployment of backdoors like SnipBot and Mythic agent upon archive extraction, targeting financial, manufacturing, defense, and logistics companies in Europe and Canada. WinRAR has since released a patch (version 7.13), urging immediate updates, underscoring RomCom's persistent use of zero-day exploits for targeted, potentially geopolitically motivated, attacks on critical sectors.
ESET researchers have uncovered a significant zero-day vulnerability in WinRAR (CVE-2025-8088), a widely deployed file compression utility. The flaw was actively exploited by the sophisticated, Russia-aligned threat group RomCom in targeted spearphishing campaigns between July 18th and 21st, 2025. This marks at least the third instance of this group leveraging a zero-day, underscoring its high level of capability and investment in cyber operations. The campaign specifically targeted financial, manufacturing, defense, and logistics companies in Europe and Canada, indicating a strategic focus on espionage and intelligence gathering within critical sectors. Although WinRAR issued a patch (version 7.13) promptly on July 30th and ESET telemetry indicates no successful compromises from this specific campaign, the incident highlights a persistent and elevated risk. The vulnerability was also reportedly exploited by a second threat actor, broadening the potential impact and demonstrating the rapid weaponization of newly discovered flaws in the current geopolitical landscape.
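The bug class described above is path traversal in archive entry names: an entry whose name resolves outside the chosen extraction directory gets written elsewhere on disk. The following added example (not ESET's or WinRAR's code) shows the pre-extraction check a defender-side tool or mail gateway would apply; it builds a small ZIP in memory only because Python's standard library has no RAR reader, but the name check itself applies to entries of any archive format. The entry names are constructed for illustration.

```python
import io
import posixpath
import zipfile


def is_traversal(name: str) -> bool:
    """True if an archive entry name would escape the extraction directory."""
    # Archivers on Windows may store backslashes; normalise to one separator.
    norm = name.replace("\\", "/")
    # Absolute paths and drive-letter paths ignore the extraction directory outright.
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True
    # normpath collapses "docs/../x" to "x"; a leading ".." survives only when
    # the path genuinely climbs above the extraction root.
    collapsed = posixpath.normpath(norm)
    return collapsed == ".." or collapsed.startswith("../")


def scan_archive(data: bytes) -> list[str]:
    """Return the names of entries that must not be extracted as-is."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist() if is_traversal(info.filename)]


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry and one traversal entry (no real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"benign content")
        zf.writestr("../../x.exe", b"placeholder bytes, not a payload")
    return buf.getvalue()


if __name__ == "__main__":
    flagged = scan_archive(build_sample_archive())
    print("entries escaping the extraction directory:", flagged)
```

A gateway or EDR rule built on `is_traversal` should block or quarantine the whole archive rather than strip the offending entry, since the benign entries are the lure.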