Two Russian APT groups are exploiting a WinRAR flaw patched nearly a year ago to hit Ukraine
TL;DR
Two FSB-linked groups exploit a WinRAR bug patched in July 2025 to steal Ukrainian credentials. The patch exists but adoption remains slow.
Two Russian state-linked hacking groups are actively exploiting a path traversal vulnerability in WinRAR that was patched nearly a year ago, using it to deploy credential-stealing malware against Ukrainian government and military targets, according to research published by Trend Micro. The flaw, tracked as CVE-2025-8088 and rated 8.4 on the CVSS scale, allows attackers to abuse NTFS Alternate Data Streams to hide malicious payloads inside archive files that appear harmless to the recipient. The patch shipped in WinRAR 7.13 on 30 July 2025, but active exploitation began at least 12 days earlier, and the two groups are still using it because WinRAR remains deeply embedded in Ukrainian organisations and update adoption has been slow.
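The article describes the bug class (archive entries whose names carry `..` traversal or NTFS Alternate Data Stream syntax so that a payload lands somewhere other than the folder the user chose) but not the exploit details. The following added example is not from the article, Trend Micro, or the WinRAR project; it is a defender-side check of the general class. It takes a list of archive entry names (constructed samples here; a real tool would read them from the archive headers), refuses any entry that is absolute, contains a `..` component, contains a `:` in any component (drive letter or `file:stream[:$DATA]` ADS syntax, which is the form relevant to NTFS targets), or would resolve outside a hypothetical extraction root `/extract/out`. It uses `posixpath` so the result is the same on any platform.

```python
import posixpath
from typing import Dict, List, Tuple

# Constructed sample archive entry names (not taken from the article).
SAMPLE_ENTRIES: List[str] = [
    "report.pdf",
    "docs/2025/summary.txt",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\update.exe",
    "invoice.txt:hidden.exe",            # NTFS ADS syntax in the name
    "notes.txt:Zone.Identifier:$DATA",   # ADS with explicit stream type
    "C:\\Users\\Public\\x.dll",          # absolute Windows path
    "/etc/passwd",                       # absolute POSIX path
    "ok/../still_inside.txt",            # refused: any '..' component is rejected
]

DEST = "/extract/out"  # hypothetical extraction root (assumption)


def classify_entry(name: str, dest: str = DEST) -> Tuple[bool, str]:
    """Return (safe, reason) for one archive entry name.

    Rejects names that are absolute, contain a '..' component, contain a ':'
    in any component (drive letter or NTFS alternate data stream), or that
    would resolve outside `dest` once joined to it.
    """
    # Archives may carry either separator; treat them alike.
    norm = name.replace("\\", "/")
    if not norm or norm.startswith("/"):
        return False, "absolute path"
    parts = [p for p in norm.split("/") if p not in ("", ".")]
    if not parts:
        return False, "empty name"
    for comp in parts:
        if comp == "..":
            return False, "parent-directory traversal"
        if ":" in comp:
            # Covers both "C:" drive prefixes and "file:stream[:$DATA]".
            return False, "colon in component (drive letter or alternate data stream)"
    # Defence in depth: resolve the joined path and confirm it stays under dest.
    root = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(root, *parts))
    if target != root and not target.startswith(root + "/"):
        return False, "resolves outside extraction root"
    return True, "ok"


def audit(entries: List[str], dest: str = DEST) -> Dict[str, str]:
    """Map each rejected entry name to the reason it was refused."""
    findings: Dict[str, str] = {}
    for entry in entries:
        safe, reason = classify_entry(entry, dest)
        if not safe:
            findings[entry] = reason
    return findings


def safe_entries(entries: List[str], dest: str = DEST) -> List[str]:
    """Entries that pass every check and may be extracted under dest."""
    return [e for e in entries if classify_entry(e, dest)[0]]


if __name__ == "__main__":
    for entry, reason in audit(SAMPLE_ENTRIES).items():
        print(f"REJECT {entry!r}: {reason}")
    print("extractable:", safe_entries(SAMPLE_ENTRIES))
```

The colon rule is deliberately strict: colons are legal in POSIX file names, so on a non-NTFS target it will produce false positives, but an archive meant for Windows users has no legitimate reason to carry one in an entry name. Rejecting every `..` component rather than only those that escape the root is the same trade-off: simpler to reason about, and the normalised-path check remains as the second line of defence.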
Gamaredon, the FSB-linked group that Trend Micro tracks as Earth Dahu, is using...
Copyright of this story solely belongs to thenextweb.com.