Key Findings CVE-2025-8088, a WinRAR path traversal flaw patched in July 2025, remains actively exploited against Ukrainian organizations as of April 2026, nearly a year after the fix was released Two Russia-aligned threat groups, SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon), are leveraging the vulnerability in coordinated campaigns targeting Ukrainian government and military entities The exploit abuses NTFS Alternate Data Streams to silently write files to the Wind