The content focuses on the ongoing exploitation of the WinRAR vulnerability CVE-2025-8088, targeting Ukrainian organizations despite a patch having been released in 2025. Attackers use NTFS Alternate Data Streams to deliver malicious payloads through RAR files disguised as decoy documents. The document highlights two threat actor groups: SHADOW-EARTH-066, which has evolved its methods to include memory-resident malware targeting multiple browsers, and Earth Dahu, which employs scripts for its attacks.
The article emphasizes the problem of patch adoption: WinRAR does not auto-update and is often overlooked in standard vulnerability management, so organizations need to audit and monitor their installations to mitigate the risk.
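As an added example that is not part of the original article, the following PowerShell script performs the two defensive checks the summary calls for: it reports the WinRAR version installed on a host so it can be compared against the vendor's fixed release, and it lists files under an extraction folder that carry non-default NTFS alternate data streams, the delivery mechanism described above. The registry uninstall paths and the fallback install directory are assumptions about a standard WinRAR install, and `$MinimumFixedVersion` is a placeholder because the article does not state the patched version number.

```powershell
# Added example (not from the original article): audit WinRAR installs and
# list files that carry non-default NTFS alternate data streams (ADS).
# ASSUMPTIONS: registry uninstall keys and fallback path are those of a
# standard WinRAR install; $MinimumFixedVersion is a PLACEHOLDER that must be
# set to the version named in the vendor advisory for CVE-2025-8088.
param(
    [string]$ScanPath = "$env:USERPROFILE\Downloads",
    [version]$MinimumFixedVersion = '0.0'   # PLACEHOLDER: replace with the patched WinRAR version
)

function Get-WinRarInstall {
    # Enumerate uninstall entries in both the 64-bit and 32-bit registry views.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            # Prefer the recorded install location; fall back to the default directory.
            $dir = $_.InstallLocation
            if ([string]::IsNullOrWhiteSpace($dir)) { $dir = Join-Path $env:ProgramFiles 'WinRAR' }
            $exe = Join-Path $dir 'WinRAR.exe'
            $exeVersion = $null
            if (Test-Path -LiteralPath $exe) {
                # The binary's own version is more reliable than the uninstall entry.
                $exeVersion = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
            }
            $effective = if ($exeVersion) { $exeVersion } else { $_.DisplayVersion }
            $parsed = $null
            [void][version]::TryParse($effective, [ref]$parsed)
            [pscustomobject]@{
                ComputerName   = $env:COMPUTERNAME
                DisplayName    = $_.DisplayName
                Version        = $effective
                BelowFixed     = if ($parsed) { $parsed -lt $MinimumFixedVersion } else { 'unknown' }
                ExePath        = $exe
            }
        }
}

function Find-AlternateDataStream {
    # Walk $Path and report every stream other than the default ':$DATA' stream.
    # Zone.Identifier is the Mark-of-the-Web written by browsers and is reported
    # separately so it is not mistaken for an attacker-supplied stream.
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File       = $file.FullName
                        Stream     = $_.Stream
                        Length     = $_.Length
                        Suspicious = ($_.Stream -ne 'Zone.Identifier')
                    }
                }
        }
}

# Usage: run with defaults, or pass -ScanPath and -MinimumFixedVersion explicitly.
$installs = Get-WinRarInstall
if (-not $installs) {
    Write-Output 'No WinRAR uninstall entry found on this host.'
} else {
    $installs | Format-Table -AutoSize
}

$streams = Find-AlternateDataStream -Path $ScanPath
$flagged = $streams | Where-Object { $_.Suspicious }
if ($flagged) {
    Write-Output "Files with non-default alternate data streams under ${ScanPath}:"
    $flagged | Format-Table -AutoSize
} else {
    Write-Output "No non-default alternate data streams found under $ScanPath."
}
```

Run the script on each workstation (for example through a management agent or scheduled task) and collect the objects centrally; any `BelowFixed` of `True` is an unpatched install, and any `Suspicious` stream on a file extracted from an archive is worth investigating, since legitimate documents rarely carry streams other than `Zone.Identifier`. Inventory tools that only track products with auto-update or MSI packaging tend to miss WinRAR, which is exactly the gap the article points at.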