Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads.
The security issue is a path traversal flaw that leverages Alternate Data Streams (ADS) to write malicious files to arbitrary locations. Attackers have exploited this in the past to plant malware in the Windows Startup folder, for persistence across reboots.
Praise the lord Linus for the gift of Linux!
7z ftw.
Also, there’s the tactic of not using NTFS
If you’re into that kind of thing
FYI: the prefix “win” is software jargon for insecure software to let advanced users know to avoid.
Fuck winrar and all the morons who used it.
People who still use WinRAR kinda deserve that. Seriously. WinRAR in 2026? Like WTF.
What, don’t you still use it to unpack warez?
7zip (or its modern GUI fork NanaZip) is free and open source.
