There's something about the WinRAR stacked-book logo that makes me all nostalgic, giving me a proper case of the warm fuzzies deep inside. What turns those fuzzies into ouchies, however, is the idea of a zero-day vulnerability in my beloved file compression and extraction tool.

ESET Research first identified the exploit, now classified under the name CVE-2025-8088 , back in July, and published a full breakdown of its findings yesterday. The vulnerability is believed to be in active use by a Russia-aligned hacking group working under the alias RomCom , and is "being exploited in the wild in the guise of job application documents."

The issue has since been fixed in the most recent WinRAR 7.13 release . According to the changelog: "When extracting a file, previous versions of WinRAR, Window

See Full Page