{"id":209215,"date":"2026-01-28T04:46:00","date_gmt":"2026-01-28T09:46:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/google-warns-of-active-exploitation-of-winrar-vulnerability-cve-2025-8088\/"},"modified":"2026-02-02T13:50:08","modified_gmt":"2026-02-02T18:50:08","slug":"google-warns-of-active-exploitation-of-winrar-vulnerability-cve-2025-8088","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/google-warns-of-active-exploitation-of-winrar-vulnerability-cve-2025-8088\/","title":{"rendered":"Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/google-warns-of-active-exploitation-of.html\">Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/google-warns-of-active-exploitation-of.html\">https:\/\/thehackernews.com\/2026\/01\/google-warns-of-active-exploitation-of.html<\/a><\/p>\n<p>Publish Date: 2026-01-28 04:46:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span><span class=\"author\">Jan 28, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Threat Intelligence<\/span><\/p>\n<p>Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads.<\/p>\n<p>&#8220;Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated threat actors continue to exploit this n-day across disparate operations,&#8221; the Google Threat Intelligence Group (GTIG) said.<\/p>\n<p>&#8220;The consistent exploitation 
method, a path traversal flaw allowing files to be dropped into the Windows Startup folder for persistence, underscores a defensive gap in fundamental application security and user awareness.&#8221;<\/p>\n<p>The vulnerability in question is CVE-2025-8088 (CVSS score: 8.8), which was patched by WinRAR version 7.13 released on July 30, 2025. Successful exploitation of the flaw could allow an attacker to obtain arbitrary code execution by crafting malicious archive files that are opened by a vulnerable version of the program.<\/p>\n<p>ESET, which discovered and reported the security defect, said it observed the dual financial and espionage-motivated threat group known as RomCom (aka CIGAR or UNC4895) exploiting the flaw as a zero-day as far back as July 18, 2025, to deliver a variant of the SnipBot (aka NESTPACKER) malware.<\/p>\n<p>It&#8217;s worth noting that Google is tracking the threat cluster behind the deployment of Cuba Ransomware, which is also known to use RomCom RAT, under the moniker UNC2596. 
Reports indicate potential connections between the operators of UNC2596, UNC4895, and a data extortion marketplace called Industrial Spy.<\/p>\n<p>Since then, the vulnerability has come under widespread exploitation, with attack chains typically concealing the malicious file, such as a Windows shortcut (LNK), within the alternate data streams (ADS) of a decoy file inside the archive, causing the payload&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/google-warns-of-active-exploitation-of.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 https:\/\/thehackernews.com\/2026\/01\/google-warns-of-active-exploitation-of.html Publish Date: 2026-01-28 04:46:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":209216,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhmyh6hD6dEZgQCDgGumKxGNc5W_9iRS9Or90FAqQShHB7mO7bls8iiTm3Zd85KEQdLvIZrp3r_mghXMX5r-sJLcdQ57OOYidhqKeSQJcxqCnjA8SFlYh3FGTj8g_ulShcpgUS_k41RmAJuIU77IXQFdcwhZR9hipopYp62cXESIq68MHugeFW5bYIQSCDm\/s1700-e365\/winrar.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,32,27],"class_list":["post-209215","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209215"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-jso
n\/wp\/v2\/comments?post=209215"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209215\/revisions"}],"predecessor-version":[{"id":209217,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209215\/revisions\/209217"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209216"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}