A zero-day vulnerability in WinRAR, one of the world's most widely used file archiving utilities, has been exploited in the wild by a hacking group that researchers describe as Russian state-sponsored. The flaw, tracked as CVE-2025-8088, was used in targeted attacks against organizations across Europe and Canada before a fix was available. Because WinRAR is installed on millions of personal and corporate machines to compress and extract files, a bug that triggers when an archive is opened has an unusually large attack surface.
The attacks reportedly begin with targeted phishing emails that carry a specially crafted malicious archive. When the recipient opens the archive with a vulnerable version of WinRAR, the exploit fires and lets the attackers run code of their choosing on the victim's computer. That foothold has been observed being used to deploy RomCom, a backdoor (remote access trojan) that gives the operators extensive control over the infected machine; RomCom is also the name used for the group itself.
The campaign illustrates how advanced persistent threat (APT) groups keep relying on unpatched software vulnerabilities for espionage and intelligence gathering. Security researchers have linked the activity to groups associated with Russian foreign intelligence. The WinRAR developers have since released a patched version (7.13). Users should update immediately, and administrators should note that WinRAR has no automatic update mechanism: the new release must be downloaded and installed by hand, so an inventory of installed versions is the only reliable way to confirm that a fleet is no longer exposed.
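The following PowerShell script is an added example, not code from the article or from the WinRAR vendor, for checking whether the WinRAR copies on a Windows host are older than the release that carries the fix. It assumes the fix shipped in WinRAR 7.13 (taken from the vendor's release notes, not from this article; adjust `$FixedVersion` if your tracking says otherwise) and that WinRAR lives in its default install folders or is recorded under the standard Uninstall registry keys. Portable copies unpacked elsewhere on disk are not found by this check.

```powershell
# Added example: inventory installed WinRAR copies and flag any below the fixed release.
# Assumption (not from the article): the fix shipped in WinRAR 7.13 per the vendor's release notes.
$FixedVersion = [version]'7.13'

# Reduce strings such as "7.13.0" or "6.24" to a [version] built from the first two components,
# so that installer records and file version resources compare the same way.
function ConvertTo-MajorMinor {
    param([string]$Text)
    if ($Text -match '(\d+)\.(\d+)') { return [version]"$($Matches[1]).$($Matches[2])" }
    return $null
}

function Get-WinRarInstall {
    $found = @()

    # 1. Installer records under the Uninstall hives: 64-bit, 32-bit (WOW6432Node) and per-user installs.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $records = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' }
    foreach ($r in $records) {
        $found += [pscustomobject]@{
            Source  = 'Registry'
            Path    = $r.InstallLocation
            Version = ConvertTo-MajorMinor $r.DisplayVersion
        }
    }

    # 2. The executable itself in the default install folders (assumed locations; portable copies
    #    elsewhere on disk are not covered). ${env:ProgramFiles(x86)} is absent on 32-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        $exe = Join-Path $root 'WinRAR\WinRAR.exe'
        if (Test-Path -LiteralPath $exe) {
            $fv = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
            $found += [pscustomobject]@{
                Source  = 'File'
                Path    = $exe
                Version = ConvertTo-MajorMinor $fv
            }
        }
    }
    return $found
}

$installs = Get-WinRarInstall
if (-not $installs) {
    Write-Output 'No WinRAR installation found in the standard locations (portable copies are not checked).'
} else {
    foreach ($i in $installs) {
        $status = if ($null -eq $i.Version) { 'UNKNOWN (could not parse version)' }
                  elseif ($i.Version -lt $FixedVersion) { "VULNERABLE (below $FixedVersion)" }
                  else { 'patched' }
        Write-Output ('{0,-8} {1,-6} {2}  {3}' -f $i.Source, $i.Version, $status, $i.Path)
    }
}
```

Run it from an elevated PowerShell prompt so both machine-wide and per-user installs are visible. Because the script reads the version from two independent places (the installer record and the file's own version resource), a mismatch between them is itself worth a look: it usually means an upgrade was interrupted or a stray copy of WinRAR.exe was left behind.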