Skip to main content

Tag: cve 2025 8088

4 articles

Dimly lit office space with computer workstation, scattered papers, and RAR archive box, conveying targeted espionage.

Turla Unveils STOCKSTAY Backdoor in Ukraine Espionage Campaigns

Russian hackers, specifically the state-sponsored group Turla, have unleashed a new and stealthy backdoor called STOCKSTAY in a recent espionage campaign targeting Ukraine. This sneaky malware uses a secure WebSocket connection to communicate with its command center, making it a formidable tool for cyber spies.

Analyst 207
Worn computer workstation in a cluttered Ukrainian office with outdated software visible on the monitor.

Russia-Aligned Groups Exploit WinRAR Flaw to Deploy Stealers in Ukraine

Despite a July 2025 patch, a vulnerability in WinRAR, known as CVE-2025-8088, continues to be exploited by Russia-aligned groups, including SHADOW-EARTH-066, to deploy stealers in Ukraine. This highlights the risks of unmanaged software leaving exploited entry points open long after a fix is released.

Analyst 207
Cluttered office desk with laptop, router, and papers, softly glowing in a cityscape-lit room.

Gamaredon Exploits WinRAR Flaw to Deliver GammaWorm, GammaSteel Malware

Cyber attackers have cleverly exploited a WinRAR flaw to unleash a potent malware duo, GammaWorm and GammaSteel, with the goal of taking control of infected systems and executing malicious scripts. This sneaky tactic, spotted by French cybersecurity firm Sekoia, allows hackers to fingerprint host systems, manipulate network settings, and fetch additional payloads from command and control servers.

Analyst 207
Windows desktop with File Explorer partially open, showing blurred files and a hint of a hidden folder in the background.

FSB-Linked Worm Exploits Windows Flaw to Evade Detection

Cyber attackers have cleverly exploited a known Windows flaw, CVE-2025-8088, to sneak a malicious payload into victims' systems, allowing them to gain access and lay the groundwork for further attacks. This stealthy move was uncovered by Sekoia, which tracked the initial access stage as GammaPhish.

Analyst 207