Security researchers report that two Russia-aligned hacking campaigns are exploiting a WinRAR vulnerability that was patched nearly a year ago to target Ukrainian organizations. The activity centers on CVE-2025-8088, described as a path traversal flaw in WinRAR. According to Trend Micro research cited by multiple outlets, the flaw is being used in ongoing intrusions aimed at Ukrainian government and military targets. The campaigns use the vulnerability to deliver malware designed to steal credentials and support cyberespionage. The reporting identifies two threat groups attributed by Trend Micro: Earth Dahu (also known as Gamaredon) and SHADOW-EARTH-066 (also known as UAC-0226). One outlet notes the vulnerability’s CVSS score as 8.4, indicating high severity. The campaigns are described as separate efforts that have continued since the vulnerability was fixed last July, with attackers taking advantage of systems that remain unpatched. Overall, the coverage agrees on the vulnerability, the focus on Ukrainian targets, and the Russia-linked attribution for the groups involved.
Russia-Linked Groups Exploit Patched WinRAR Flaw to Target Ukraine
- Researchers say two Russia-aligned groups exploit a WinRAR vulnerability to attack Ukrainian targets.
- The exploited flaw is CVE-2025-8088, described as a path traversal issue.
- Trend Micro attributes activity to Earth Dahu (Gamaredon) and SHADOW-EARTH-066 (UAC-0226).
- The campaigns use the flaw to deploy credential-stealing malware and support espionage.
- Multiple reports say patches were released nearly a year earlier, including a fix last July.
Two Russian state-linked hacking groups are actively exploiting a path traversal vulnerability in WinRAR that was patched nearly a year ago, using it to deploy credential-stealing malware against Ukrainian government and military targets, according to research published by Trend Micro. The flaw, tracked as CVE-2025-8088 and rated 8.4 on the CVSS scale, allows attackers to […] This story continues at The Next Web
5 hours ago
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
8 hours ago
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that allows an
11 hours ago