WinRAR
Coverage of WinRAR in the Nexus archive.
- A week in security (June 29 – July 5)
The article highlights multiple security threats, including malware spread through verified ads on Mac systems, the ConsentFix malware stealing Microsoft accounts, and vulnerabilities in Apple's Hide My Email feature. It also covers fake Google and Cloudflare verification pages distributing malware, a critical WinRAR flaw, a deceptive Perplexity Chrome extension, and security updates from Apple for iOS, MacOS, and Safari.
- Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group Gamaredon is exploiting a WinRAR vulnerability (CVE-2025-8088) to deliver malware families like GammaWorm, GammaSteel, and GammaPhish, targeting data theft and propagation. Sekoia reports that the attack chain uses a path traversal flaw in WinRAR to deploy an HTML Application payload for further malicious activity.