All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Russian Cybercrime Groups Exploit WinRAR Zero-Day Vulnerability

By

chrisjj

9mo ago· 2 min readenNews
Bagel score 70 of 100
70/100
Toasty
Bagelometer

Crisped on the outside, thoughtful enough on the inside.

Score70TypenewsSentimentnegative

Summary

A high-severity zero-day vulnerability in WinRAR is being actively exploited by two Russian cybercrime groups, allowing them to backdoor computers through malicious archive files attached to phishing messages. Security firm ESET detected the attacks starting July 18, confirming the exploitation by July 24.

Key quotes

· 3 pulled
A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups.
Security firm ESET said Monday that it first detected the attacks on July 18, when its telemetry spotted a file in an unusual directory path.
By July 24, ESET determined that the behavior was linked to the exploitation of an unknown vulnerability in WinRAR.
Snippet from the RSS feed
Exploits allow for persistent backdooring when targets open booby-trapped archive.

You might also wanna read

Critical 7-Zip vulnerability (CVE-8.8) enables code execution via crafted archive files; update to version 26.01 urged

A critical 8.8-rated CVE vulnerability has been discovered in the popular open-source archive utility 7-Zip. The flaw allows remote code exe

tomshardware.com·1d ago