Russian hackers are using a WinRAR vulnerability that was fixed almost a year ago.
Trend Micro’s research shows two Russian state‑linked APT groups have been exploiting CVE‑2025‑8088, a path‑traversal bug rated 8.4 CVSS. The flaw lets them plant credential‑stealing malware on machines running the archive tool. Targets include Ukrainian government agencies and military units, and the attacks have been ongoing since the patch was released.
The reuse of an old, well‑known flaw highlights how quickly attackers can turn neglected updates into active weapons. It also underscores the difficulty Ukrainian defenders face when adversaries recycle known exploits rather than waiting for zero‑day surprises.
When a patch is ignored, the risk isn’t theoretical—it becomes a door that nation‑state actors are more than willing to walk through.
