CVE-2025-8088
-
Infy resumes operations with new C2 infrastructure after nationwide outage
Infy paused C2 activity on January 8, 2026, and stood up new command-and-control servers on January 26, 2026, deploying Tornado version 51 and new delivery methods that include a weaponized WinRAR SFX.
-
Amaranth Dragon exploits WinRAR flaw to target Southeast Asian agencies
Amaranth Dragon exploited CVE-2025-8088 in WinRAR to target government and law enforcement agencies across six Southeast Asian countries from mid-2025, delivering encrypted loaders and using Cloudflare-backed command servers.
-
Multiple groups exploit WinRAR CVE-2025-8088 using Alternate Data Streams since July 2025
Multiple state-backed and criminal groups have exploited the high-severity WinRAR path traversal vulnerability CVE-2025-8088 since July 18, 2025. Exploits hide payloads in Alternate Data Streams and can drop persistent launchers into Startup folders.
-
CISA adds WinRAR flaw CVE-2025-6218 to known-exploited list after reported active use
CISA added a WinRAR path traversal vulnerability, CVE-2025-6218 (CVSS 7.8), to its Known Exploited Vulnerabilities catalog after reports of active exploitation by multiple threat groups; RARLAB patched the bug in WinRAR 7.12 for Windows in June 2025 and agencies are required to remediate by Dec. 30, 2025.
-
WinRAR Addresses Critical Zero-Day Vulnerability Exploited in Active Attacks
WinRAR has released an urgent update to address a critical zero-day vulnerability, CVE-2025-8088, that is actively being exploited to execute arbitrary code through malicious archive files. Users are strongly advised to upgrade to version 7.13.





