top of page
ALL POSTS
WinRAR Vulnerability from Years Past Still Powering 2026 Attacks Against Ukraine
Key Findings CVE-2025-8088, a WinRAR path traversal flaw patched in July 2025, remains actively exploited against Ukrainian organizations as of April 2026, nearly a year after the fix was released Two Russia-aligned threat groups, SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon), are leveraging the vulnerability in coordinated campaigns targeting Ukrainian government and military entities The exploit abuses NTFS Alternate Data Streams to silently write files to the Wind
Jun 144 min read
China-Linked Amaranth-Dragon Weaponizes WinRAR Flaw to Spy on SE Asia
Key Findings Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. The activity cluster, tracked by Check Point Research under the moniker "Amaranth-Dragon," shares links to the APT 41 ecosystem. Targeted countries include Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines. The campaigns were timed to coincide with sensitive
Feb 52 min read
bottom of page
