Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.
The bug, tracked as CVE-2025-8088, is a path-traversal flaw that affects the Windows version of the decompression tool. It received an 8.4 CVSS rating and, according to WinRAR, has been patched in the newest version, 7.13, released on July 31.
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," according to the security advisory.
So if you haven't already: update now, and check for these indicators of compromise because RomCom found and exploited the bug as a ze