High-severity WinRAR 0-day exploited for weeks by 2 groups

Source: Ars Technica

TL;DR

AI Generated

A high-severity zero-day vulnerability in WinRAR was exploited by two Russian cybercrime groups through phishing messages containing malicious archives. Security firm ESET detected the attacks on July 18 and linked them to a previously unknown WinRAR vulnerability affecting its 500 million users. The exploit leveraged Windows' alternate data streams to plant malicious executables in restricted directories, allowing attackers to backdoor targeted systems. ESET promptly notified WinRAR developers, and a fix addressing the issue was released six days later.