
High-severity WinRAR 0-day exploited for weeks by 2 groups

Source: Ars Technica

TL;DR (AI generated)

A high-severity zero-day vulnerability in WinRAR was exploited by two Russian cybercrime groups through phishing messages carrying malicious archives. Security firm ESET detected the attacks on July 18 and traced them to a previously unknown WinRAR vulnerability affecting its 500 million users. The exploit abused Windows' alternate data streams to plant malicious executables in restricted directories, allowing the attackers to backdoor targeted systems. ESET promptly notified the WinRAR developers, and a fix was released six days later.


Similar Articles

As many as 2 million Cisco devices affected by actively exploited 0-day

A zero-day vulnerability affecting up to 2 million Cisco devices has been actively exploited, allowing attackers to remotely crash vulnerable systems or execute code on them. The vulnerability, tracked as CVE-2025-20352, exists in all supported versions of Cisco IOS and Cisco IOS XE, putting a wide range of networking devices at risk. Low-privileged users can leverage it for denial-of-service attacks, while higher-privileged users can use it to run code with root privileges. Cisco advises customers to upgrade to a patched software release to address the issue, which carries a severity rating of 7.7 out of 10.

Ars Technica

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

Senator Ron Wyden has urged the Federal Trade Commission to investigate Microsoft for cybersecurity negligence due to the default use of the vulnerable RC4 encryption cipher in Windows. The senator's office linked this encryption vulnerability to a ransomware breach at Ascension, compromising 5.6 million patient records. This is not the first time Wyden has criticized Microsoft's security practices, highlighting ongoing concerns about the company's cybersecurity approach.

Ars Technica

Google discovered a new scam—and also fell victim to it

Google recently uncovered a scam targeting Salesforce customers in which attackers posed as IT personnel to gain immediate access to accounts. Surprisingly, Google itself fell victim to a similar attack two months later. The financially motivated hackers rely on simply calling targets and asking for access rather than exploiting software vulnerabilities. Notable companies affected by this campaign include Adidas, Qantas, Allianz Life, Cisco, and LVMH subsidiaries. The attackers abuse a Salesforce feature that allows accounts to be linked to external apps, tricking employees into providing an eight-digit security code that grants access to sensitive data.

Ars Technica

Voice phishers strike again, this time hitting Cisco

A Cisco representative was targeted in a voice phishing attack, leading to the exposure of profile information held in a third-party customer relationship management (CRM) system. The compromised data consisted of basic account details such as names, addresses, email addresses, and phone numbers of Cisco.com users. Sensitive information such as passwords was not exposed, and there was no evidence that other CRM instances were affected. Cisco stated that its products and services were not compromised in the breach.

Ars Technica