If you haven’t updated your WinRAR to the latest version, you need to do it right now.
A dangerous zero-day vulnerability — tracked as CVE-2025-8088 — is actively being exploited in real-world attacks, and hackers are already on the move.
Security experts from ESET discovered a path traversal vulnerability in the Windows version of WinRAR.
In simple terms: attackers can send you a malicious RAR archive that looks harmless. But the moment you extract it, it can drop files into sensitive system locations — like the Windows Startup folder — allowing hackers to run malware without you noticing.
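A pre-extraction check for the traversal described above, as an added example (not from the original article or from WinRAR): it resolves each archive entry name against the destination folder using Windows path rules and flags any that would land outside it, with a separate verdict for the Startup folder. The `alice` profile path, the entry names and the function names are constructed for illustration.

```python
import ntpath  # Windows path semantics, so the check behaves the same on any OS

# Lower-cased tail shared by the per-user and all-users Startup folders.
STARTUP_TAIL = r"\microsoft\windows\start menu\programs\startup"

def resolve_entry(dest_dir, entry_name):
    """Absolute path an extractor would write to if it trusted entry_name."""
    name = entry_name.replace("/", "\\")
    # ntpath.join lets a rooted or drive-qualified name override dest_dir,
    # which is the behaviour a naive extractor would exhibit.
    return ntpath.normpath(ntpath.join(dest_dir, name))

def classify_entry(dest_dir, entry_name):
    """Return 'ok', 'escapes' or 'escapes-to-startup' for one entry name."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    # Compare with a trailing separator so "out2" is not mistaken for "out".
    if target == dest or target.startswith(dest + "\\"):
        return "ok"
    if STARTUP_TAIL + "\\" in target + "\\":
        return "escapes-to-startup"
    return "escapes"

def audit(dest_dir, entry_names):
    """List (name, verdict) for every entry that must not be extracted."""
    verdicts = ((n, classify_entry(dest_dir, n)) for n in entry_names)
    return [(n, v) for n, v in verdicts if v != "ok"]

# Constructed sample data: a destination folder and a listing of entry names.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    r"docs\report.pdf",
    "docs/../notes.txt",
    r"..\out2\readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk",
    r"D:\tools\helper.exe",
]

if __name__ == "__main__":
    for name, verdict in audit(DEST, SAMPLE):
        print(f"{verdict:20} {name}")
```

Running the check over an archive listing before extraction, and refusing the whole archive if `audit` returns anything, does not depend on the extractor's own path handling.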
And here’s the scary part — this isn’t a “potential” problem. It’s already happening.
Reports point to a Russia-linked hacking group called Paper Werewolf (aka GOFFEE).
They’ve been using CVE-2025-8088 alongside another WinRAR bug (CVE-2025-6218) to hit high-value targets.
Their targets so far include:
- Finance
- Manufacturing
- Defense
- Logistics