A recently fixed WinRAR vulnerability tracked as CVE-2025–8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.

The flaw is a directory traversal vulnerability that was fixed in WinRAR 7.13, which allows specially crafted archives to extract files into a file path selected by the attacker.

“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path,” reads the WinRAR 7.13 changelog.

Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group.

In June, Google warned that a threat actor they classify as ‘UNC6040’ is targeting companies’ employees in voice phishing (vishing) social engineering attacks to breach Salesforce instances and download customer data. This data is then used to extort companies into paying a ransom to prevent the data from being leaked.

In a brief update to the article last night, Google said that it too fell victim to the same attack in June after one of its Salesforce CRM instances was breached and customer data was stolen.

Attackers used 11 Go and 2 npm packages to spread malware across platforms, putting open-source developers at risk.

Dear Friends and Colleagues, Please see some infographic resources I created to help capture some of the topics of the day. Thanks and best, Chuck

Ukraine’s CERT-UA warns of UAC-0099 and Gamaredon phishing attacks using custom malware and social lures.

Fake apps from VexTrio on Apple and Google stores mislead users, steal data, and charge hidden fees.

ClickFix malware replaced ClearFake in 2024, infecting users via fake CAPTCHAs and trusted platforms.