rarlab News Articles

Weekly Intelligence Report – 26 December 2025 - CYFIRMA

Published On : 2025-12-26 Ransomware of the week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes...

3 weeks ago

Vulnerability in WinRAR is being actively exploited by several groups – Research Snipers

The US cybersecurity agency CISA has identified a serious security flaw in the widely used packaging program warned. The vulnerability with the identifier CVE-2025-6218 is currently being exploited by several attackers. Update available for a long time The vulnerability, which has a CVSS score

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

CISA warns WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal fixes by Dec. 30, 2025.

APT-C-08 Hackers Exploiting WinRAR Vulnerability to Attack Government Organizations

APT-C-08 exploits new WinRAR flaw (CVE-2025-6218) to target South Asian governments, stealing sensitive data via malicious archives.

Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running

Warning! WinRAR: Critical Vulnerability That Could Run Malware

Discover WinRAR vulnerability that allows malware execution via archive extraction. Update to version 7.12 beta 1 now!

WinRAR patches bug letting malware launch from extracted archives

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.

WinRAR exploit enables attackers to run malicious code on your PC — critical vulnerability patched in latest beta update

The CVE-2025-6218 bug allows attackers to manipulate archive paths, potentially writing to protected system folders

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218) - Help Net Security

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by attackers to execute arbitrary code.

WinRAR Vulnerability Exploited with Malicious Archives to Execute Code

A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks.

MotW Bypassed: Zero Warning, Full Control – New WinRAR Flaw Silently Bypasses Windows Security

MotW Bypassed: Zero Warning, Full Control – New WinRAR Flaw Silently Bypasses Windows Security - Vulnerabilities - Information Security Newspaper | Hacking News

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) - Help Net Security

A flaw (CVE-2025-31334) allowing attackers to bypass Windows' MotW security warning and execute arbitrary code has been fixed in WinRAR 7.11.

WinRAR flaw bypasses Windows Mark of the Web security alerts

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.

Russian researchers say espionage operation using WinRAR bug is linked to Ukraine

Moscow-based F.A.C.C.T. said it found what appears to be a Ukraine-based campaign exploiting a vulnerability that other cyber-espionage operations have leveraged elsewhere.

Russia and China-linked hackers exploit WinRAR bug

Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea.

BumbleBee Malware Buzzes Back on the Scene After 4-Month Hiatus

Cyberattacks targeting thousands of US organizations wields a new attack vector to deliver the versatile initial-access loader — and is a harbinger of a surge in threat activity.

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

DarkCasino: From Zero-Day Exploit to APT Threat! Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR.

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831)

State-sponsored APTs are leveraging WinRAR bug - Help Net Security

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR.

Google links WinRAR exploitation to Russian, Chinese state hackers

Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems.

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831) - Help Net Security

Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware.

Government-backed actors exploiting WinRAR vulnerability

Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.