• Still using WinRAR? You should probably look out for these potent

    From TechnologyDaily@1337:1/100 to All on Wednesday, January 28, 2026 19:15:09
    Still using WinRAR? You should probably look out for these potentially dangerous security flaws

    Date:
    Wed, 28 Jan 2026 19:05:00 +0000

    Description:
    A high severity flaw in WinRAR allows crooks to execute malware remotely.

    FULL STORY ======================================================================
    - WinRAR flaw CVE-2025-8088 exploited by state-sponsored and criminal groups
    - Attackers use ADS feature to deploy malware via malicious archives
    - Users urged to update to WinRAR 7.13 or newer for protection

    Iconic Windows archiving program WinRAR contains a high-severity
    vulnerability that allows threat actors to execute arbitrary code on compromised endpoints - and security researchers are now saying the bug is being exploited by numerous hacking collectives, both state-sponsored and otherwise.

    The bug in question is described as a path traversal flaw, affecting versions 7.12 and older. It is tracked as CVE-2025-8088, and was given a severity
    score of 8.4/10 (high).

    In order to secure your premises and prevent hacker incursions, security pros advise updating the program to version 7.13, or newer.

    Abused as a zero-day

    BleepingComputer now reports that multiple security outfits have warned about numerous hacking collectives using this flaw in their attacks.

    Among them is RomCom, a Russia-aligned group, who used it to deploy
    NESTPACKER against Ukrainian military units. Other notable mentions include APT44 and Turla (also used against the Ukrainian military), Carpathian, and multiple Chinese state-sponsored actors who were allegedly using it to drop the POISONIVY malware.

    Google's Threat Intelligence Group (GTIG), the cybersecurity arm that mostly tracks state-sponsored attackers, said the earliest signs of abuse were seen in mid-July 2025. Since then, hackers have been using the Alternate Data Streams (ADS) feature in WinRAR to write malware to arbitrary locations on target devices.

    "While the user typically views a decoy document, such as a PDF, within the archive, there are also malicious ADS entries, some containing a hidden payload while others are dummy data," Google said.

    When the victim opens the archive, the program extracts the ADS payload using directory traversal, it was explained.
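
    As an added example (not from the article, its sources or WinRAR), here is a Python check that a triage or extraction script could run over archive entry names before writing anything to disk. It flags paths that leave the destination folder and stream names that carry path components, the combination described above. The `path:stream` entry format, the function names and the sample listing are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

def split_stream(entry):
    """Split 'dir\\name.pdf:stream' into ('dir\\name.pdf', 'stream' or None)."""
    drive, rest = ntpath.splitdrive(entry)
    path, sep, stream = rest.partition(":")
    return drive + path, (stream if sep else None)

def check_entry(root, entry):
    """Return the reasons this entry must not be extracted under root."""
    reasons = []
    path, stream = split_stream(entry.replace("/", "\\"))
    if ntpath.isabs(path) or ntpath.splitdrive(path)[0]:
        reasons.append("absolute path")
    root_n = ntpath.normcase(ntpath.normpath(root))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, path)))
    if target != root_n and not target.startswith(root_n + "\\"):
        reasons.append("path leaves extraction folder")
    if stream is not None:
        # A genuine NTFS stream name holds no separators and no '..' part;
        # anything after a second ':' is the stream type (e.g. $DATA).
        parts = stream.split(":")[0].split("\\")
        if len(parts) > 1 or ".." in parts:
            reasons.append("stream name contains a path")
    return reasons

def find_suspicious(root, entries):
    """Map each flagged entry name to its list of reasons."""
    flagged = {}
    for entry in entries:
        reasons = check_entry(root, entry)
        if reasons:
            flagged[entry] = reasons
    return flagged

# Constructed sample listing (hypothetical names, not real indicators).
SAMPLE = [
    r"report.pdf",
    r"docs\report.pdf:Zone.Identifier",
    r"report.pdf:..\..\outside\payload.bin",
    r"..\..\notes.txt",
    r"C:\Windows\x.dll",
]

if __name__ == "__main__":
    for name, why in find_suspicious(r"C:\Users\a\Extract", SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

    A one-character file name followed by a stream, such as `a:stream`, is parsed as a drive letter and flagged as an absolute path, which errs on the side of rejecting.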

    Besides nation-states, financially motivated groups were also leveraging this bug, using it to drop infostealers such as XWorm or AsyncRAT.

    WinRAR does not allow automatic updates, but you don't need to uninstall the program before running the new version. It will just be installed over the existing one.

    Via BleepingComputer


    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/still-using-winrar-you-should-probably-look-out-for-these-potentially-dangerous-security-flaws


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)