Information

ESET researchers have discovered a previously unknown vulnerability in WinRAR, being exploited in the wild by Russia-aligned group RomCom. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild. Previous examples include the abuse of CVE-2023-36884 via Microsoft Word in June 2023, and the combined vulnerabilities assigned CVE‑2024‑9680 chained with another previously unknown vulnerability in Windows, CVE‑2024‑49039, targeting vulnerable versions of Firefox, Thunderbird, and the…

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds 11 Aug 2025 ESET researchers have uncovered a previously unknown vulnerability in WinRAR, actively being exploited by Russia-aligned group RomCom. Tracked as CVE-2025-8088, the path traversal flaw affects WinRAR’s Windows version and lets threat actors execute arbitrary code by crafting malicious archive files. This marks at least the third time RomCom has leveraged a significant…

Mobile Security Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do. Phil Muncaster 08 Aug 2025  •  , 5 min. read There are various bad things that could end up on your smartphone. Spyware designed to turn your phone into a secret surveillance device. Trojans that could harvest your banking logins or credit card data, possibly via a novel method that relays NFC…

Business Security A sky-high premium may not always reflect your company’s security posture Tony Anscombe 08 Aug 2025  •  , 3 min. read When a cyber risk insurance quote lands on your desk and the premium is sky high, it’s natural to assume that the insurer is judging your environment to be high risk. So, when the next quote lands and is more acceptable, does it mean they viewed your risk differently? According to one…

Business Security Who’s to blame when the AI tool managing a company’s compliance status gets it wrong? Tony Anscombe 07 Aug 2025  •  , 3 min. read If you put a group of CISOs in a room, they are all likely to wait for one of them to declare they have the answer, the silver bullet, that solves the issue of the day. In reality, however, what needs to happen is that all the CISOs…

Business Security Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes Tony Anscombe 07 Aug 2025  •  , 3 min. read The 2025 edition of the Black Hat USA conference kicked off with an address from founder Jeff Moss that featured several thought-provoking comments. Among other things, he remarked that technology has become political and pointed to geopolitical sanctions and bans that limit cooperation and hit revenues,…