Bleeping Computer

WinRAR zero-day exploited to plant malware on archive extraction

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. The flaw is a directory traversal vulnerability that was ...
Bleeping Computer

WinRAR SFX archives can run PowerShell without being detected

Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target ...