Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A zero-day vulnerability in WinRAR, CVE-2025-8088, has been discovered being exploited in the wild by the Russia-aligned group RomCom. The vulnerability allows attackers to hide malicious files in archives, which are silently deployed when extracted. The exploit was used in spearphishing campaigns targeting financial, manufacturing, defense, and logistics companies in Europe and Canada. Three execution chains were identified, delivering various backdoors including a SnipBot variant, RustyClaw, and Mythic agent. This marks the third time RomCom has exploited a significant zero-day vulnerability, highlighting their focus on acquiring and using exploits for targeted attacks. Users are advised to update WinRAR immediately to mitigate the risk.

OPENCTI LABELS:

backdoor,exploit,zero-day,vulnerability,spearphishing,mythic,winrar,snipbot,rustyclaw,russia-aligned,cve-2025-8088
