Zero-dayJun 9, 2026

Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Russian attackers exploit patched WinRAR vulnerability CVE-2025-8088 against Ukrainian military and government targets.

Summary

Two separate Russian-linked campaigns are actively exploiting CVE-2025-8088, a WinRAR vulnerability patched in July 2024, to conduct data theft and cyberespionage operations targeting Ukrainian military and government organizations. The attacks demonstrate post-patch exploitation, suggesting defenders have not universally applied updates despite the flaw's public disclosure.

Indicators of Compromise

cve — CVE-2025-8088

Entities

WinRAR (product)Russian state-sponsored groups (threat_actor)path traversal exploitation (technology)