A newly discovered vulnerability in WinRAR is being exploited by the Russia-aligned group RomCom to conduct espionage attacks on high-value targets. These attacks, identified as CVE-2025-8088, involve spearphishing campaigns aimed at companies in the financial, manufacturing, defense, and logistics sectors across Europe and Canada. The flaw allows attackers to execute arbitrary code through specially crafted malicious archive files. This marks the third significant zero-day vulnerability exploited by RomCom, highlighting the group’s commitment to investing substantial resources in its operations. Users of WinRAR are advised to update to the latest version, 7.13, to protect against these threats. Additional insights are available in a video by ESET’s Chief Security Evangelist Tony Anscombe and a detailed blog post.
Are espionage attacks exploiting a WinRAR zero-day vulnerability?
