Cybersecurity News in Asia

Features
- Featured
  
  Leveraging digital twins to combat rising AI-powered threats
  
  Thursday, January 8, 2026, 1:58 PM Asia/Singapore | Features
- Featured
  
  Editor's pick: Cybersecurity trends in 2026
  
  Wednesday, January 7, 2026, 10:36 AM Asia/Singapore | Cyberthreat Landscape, Features, Newsletter
- Featured
  
  Exploding identity fraud and deepfakes challenge manual oversight of autonomous AI
  
  Tuesday, December 30, 2025, 9:27 AM Asia/Singapore | Features, Newsletter
Opinions
Tips
Whitepapers
Awards 2025
Directory
E-Learning

Critical zero-day exploits dormant WinRAR vulnerability to target global Windows systems

By CybersecAsia editors | Tuesday, August 12, 2025, 4:41 PM Asia/Singapore

A flaw in WinRAR utility could, if left unpatched, allow cybercriminals to deploy malware via malicious archives and phishing campaigns.

What happens when a ubiquitous little file archival/unzipping tool lays dormant in millions of Windows computer systems around the world, un-updated for years — and then suddenly a high criticality zero day exploit is suddenly unleashed on the unsuspecting world?

The tool being referred to is Winrar, and a critical zero-day vulnerability (CVE-2025-8088, CVSS score 8.8) in the widely used file archiving tool has recently been exploited in active cyberattack campaigns, putting millions of systems at risk.

The software flaw is a path traversal vulnerability affecting Windows versions and their software components, such as the UnRAR.dll and command-line utilities.

This vulnerability allows attackers to craft malicious archive files that appear harmless but contain hidden alternate data streams (ADSes) that deploy malware during extraction.

Discovered by ESET researchers in mid-July 2025, and promptly patched in WinRAR version 7.13 by end-July, the vulnerability enables attackers to silently write malicious files outside the intended extraction folder — such as placing payloads in the Windows startup directory — enabling persistence through automatic execution upon system boot.

The Russia-aligned cyber threat group RomCom has been observed exploiting this zero-day in targeted spear-phishing campaigns aimed at financial, manufacturing, defense, and logistics firms across Europe and Canada. The attacks use resume-themed lures to trick victims into opening booby-trapped RAR attachments. Upon extraction, malicious DLLs and shortcut (LNK) files are deployed; these launch backdoor malware variants including SnipBot, RustyClaw, and Mythic agent, enabling extensive remote control and data exfiltration capabilities.

Additionally, another Russian group known as Paper Werewolf had reportedly leveraged this vulnerability alongside a related directory traversal bug patched in June 2025 to target Russian organizations. The rapid weaponization of this long-dormant yet widespread tool highlights the severe risk posed when critical software remains un-updated.

The incident underscores the need for prompt patching, and caution against opening unsolicited archive attachments, especially in spear-phishing contexts.