InfoSecBulletin Cybersecurity for mankind
ESET researchers found a zero-day vulnerability in WinRAR for Windows, tracked as CVE-2025-8088, which has been used to run malicious code on victims’ computers. With a CVSS v3.1 score of 8.4, this flaw lets attackers manipulate extraction processes and place harmful files in the wrong system areas.
Vulnerable versions of WinRAR, including older Windows releases of RAR and UnRAR, can be manipulated to use a file path from a crafted archive instead of the user’s selected destination.
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
WinRAR 7.13, which fixes the vulnerability, is available on the official website. All Windows users should:
Update immediately to WinRAR 7.13 or later.
Avoid opening archives from untrusted sources.
Consider scanning archives with updated endpoint protection before extraction.
7-Zip Arbitrary File Write Vulnerability:
A newly revealed security flaw in the popular 7-Zip software has alarmed the cybersecurity community. CVE-2025-55188 was found by researcher Landon on August 9, 2025. It lets attackers write arbitrary files during archive extraction, which could enable code execution on affected systems.
The vulnerability impacts all 7-Zip versions before 25.01 due to mishandling of symbolic links in extraction. 7-Zip version 25.01, released on August 3, 2025, improves security by enhancing symbolic link handling to prevent unsafe links when extracting archives.
The new version introduces a command-line switch (-snld20) that can bypass the default security checks when creating symbolic links, providing administrators with controlled flexibility while maintaining security by default.
Security researchers urge the need for prompt patching due to the common use of 7-Zip in both businesses and personal computers. This vulnerability is listed in multiple security databases and has led to warnings from various cybersecurity groups.
Mitigation strategies involve updating to 7-Zip 25.01 right away, not extracting archives from untrusted sources, and using sandboxed environments for unknown files. Organizations should audit their systems to ensure all 7-Zip versions are up to date since the software does not update automatically.
