- East got a high intensity bug in OneRR that was used by the famous Romkam of the Russian hacking clients
- This bug was being used to deploy backdoors that could have full access to compromised computers
- Winner says he has fixed the problem, so users should update now
The iconic archiving platform Winner pose a dangerous threat of zero day that could allow hackers to compromise computers, security researchers are warning.
Recently, researchers from ESET found out the directory trump and weakness in the latest version of Winner. This flaw has now been tracked as CV-2025-8088, and has been scored 8.4/10 (high).
To further worsen matters, hackers were seen misusing the flaws in the wild to leave the romance malware variations.
You can like
Patch the bug
Researchers at the ESET said that the flaws are being abused by the Russian -speaking actor (highly targeted fashing attacks), known as Russian -speaking dangerous actor, known as spying and financially encouraging attacks.
Its usual goals include key government, military and infrastructure organizations, so spectacular phishing attacks will be perfect.
The group was using the bug to deploy backdoor, which would allow them to have full access to compromising computers.
The group’s initial look was in 2022, targeting institutions in Europe and North America. It often provokes legitimate software in its attacks, the Romcal rat is its flagship malware.
Romakam has also been tracked by Manackers Hurricane -0978, Tropical Scorespeos, and other security organizations under UNC 2596.
After the discovery, Winner issued a patch to fix the error. The first clean version is 7.13.
“When extracting a file, the previous version of the Winrar, the Windows version of the RAR, unorganized, portable non -source code and UNNR.Dll can be deceived in using the route described in a specificly developed document rather than the user’s specific path,” Winner explained in his chain. “RAR, unintended, portable unorganized source codes and the UNIX version of the unmanned library, are not affected by RAR for Android.”
One -Arr is a type of program that is not automatically updated, so unless the user installs it and downloads the latest version manually, they will be weak.
By Blipling computer
