#WinRAR

2026-02-09

keeps getting better. It is a seriously great program for working with compressed and encrypted files. If you are still using you will notice a big difference. If you were already coming from using you may not immediately notice many additional features (and there are some), but you will notice greater ease of use and a nicer interface.

alternativeto.net/news/2026/2/

7‑Zip & WinRAR Tracker 🗜️🕵 archivetoolstracker@velocipederider.com
2026-02-04

• 7-Zip: 25.01
• WinRAR: 7.13 → 7.20 🆕
• RAR Linux: 7.12 → 7.20 🆕
• RAR macOS: 7.12 → 7.20 🆕
• RAR Android: 7.20
#7zip #WinRAR

TugaTech 🖥️ tugatech@masto.pt
2026-02-04

WinRAR 7.20 has arrived: update brings more speed and full control over your files
🔗 tugatech.com.pt/t77755-winrar-

#controlo #velocidade #winrar 

2026-02-04

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia

A Chinese threat actor, Amaranth-Dragon, has been conducting highly targeted cyber-espionage campaigns against government and law enforcement agencies in Southeast Asia throughout 2025. The group swiftly exploited the CVE-2025-8088 vulnerability in WinRAR to deliver malicious payloads, including a custom loader and the Havoc C2 Framework. Their operations demonstrate sophisticated tactics, including geo-restricted command and control servers, use of legitimate hosting services, and a new Telegram-based remote access trojan. The campaigns coincide with significant local geopolitical events, increasing the likelihood of successful compromises. Technical analysis reveals similarities with APT-41, suggesting a possible connection or shared resources between the groups.

Pulse ID: 69836c632ca6c16f064a97d5
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:57:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Chinese #CyberSecurity #Espionage #Government #ICS #InfoSec #LawEnforcement #OTX #OpenThreatExchange #RAT #RCE #RemoteAccessTrojan #Telegram #Trojan #Vulnerability #WinRAR #bot #cyberespionage #AlienVault

McDonald_69 McDonald_69
2026-02-04

WinRAR version 7.20 has just dropped!
Download and Update today! 👇

win-rar.com/download.html

#Ghost #Pairing: How someone reads your #WhatsApp without you noticing
In this episode of Ich glaube, es hackt, Tobi and Rüdiger jump right across the digital present, from surprisingly profitable software and political #censorship to some pretty clever security hacks (and a few very human bits of laziness).

Topics in this episode:

Why #WinRAR feels like it does business more honestly than the big AI players
#TikTok, a change of ownership and suddenly blocked terms

#WhatsApp vs. #Signal vs. #Threema: reality in everyday #messenger use
Ghost Pairing: how attackers can read along on WhatsApp without being noticed
#Apple #FileVault, Advanced Data Protection & why Apple locks itself out
WhatsApp "Secure Mode": #security at the expense of convenience
Burner phones, #journalists & why real #anonymity is almost impossible
DW Access: #news despite #censorship in #Iran, #Russia & #China

Episode website: igeh.podigee.io/107-ghost-pair

Media file: audio.podigee-cdn.net/2336050-

James House-Lantto (He/Him) Theeo123
2026-01-30

xda-developers.com/criminals-e

There's a bug in WinRAR that allows an attacker to hide malware that installs directly to the Startup folder. WinRAR has patched the bug, but many people don't bother to update WinRAR.

Baessando ☭🇧🇷🇵🇸🇺🇳 pBaesse@bolha.one
2026-01-30

"A friend pointed out last night that #WinRAR is more profitable than #OpenAI and I can't stop thinking about it."

#ai #ia #inteligenciaArtificial #tecnologia

@tecnologia@lemmy.pt @tecnologia@lemmy.eco.br

@mhoye mastodon.social/@mhoye/1159795

An insight from the last stream, and you will need to let this one sink in for a moment.

WinRar makes more money in a day than OpenAI has since it was founded.

No punchline. #ki #openai #winrar

2026-01-30

I see this is doing the rounds

cybernews.com/cybercrime/winra

To be clear this is a security flaw that WinRAR patched in July last year.

Why is it a problem now? Because WinRAR, like 7-Zip, does not provide autoupdate. 😢

I actually made a bot to start tracking these releases @archivetoolstracker at the start of the year (it has yet to post because neither have updated yet in 2026).

If you use either of these follow it or its RSS feed so that you know when to update.

#7Zip #WinRAR

2026-01-29

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

CVE-2025-8088 is a high-severity path traversal vulnerability in WinRAR that attackers exploit by leveraging Alternate Data Streams (ADS). Adversaries can craft malicious RAR archives which, when opened by a vulnerable version of WinRAR, can write files to arbitrary locations on the system. Exploitation of this vulnerability in the wild began as early as July 18, 2025, and the vulnerability was addressed by RARLAB with the release of WinRAR version 7.13 shortly after, on July 30, 2025.

Pulse ID: 697bcc53ac906b4ef070c633
Pulse Link: otx.alienvault.com/pulse/697bc
Pulse Author: AlienVault
Created: 2026-01-29 21:08:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vulnerability #WinRAR #bot #AlienVault

2026-01-29

It's been a busy 24 hours in the cyber world with critical zero-day and n-day vulnerabilities under active exploitation, new threat actor tradecraft, a significant cyberattack on critical infrastructure, and important discussions around data privacy and AI's impact on security. Let's dive in:

Poland's Power Grid Hit by Coordinated Cyberattack ⚡
- A coordinated cyberattack in late December compromised control and communications systems at approximately 30 facilities linked to Poland's distributed energy generation.
- While the attack, attributed to Russia's Sandworm group, didn't cause power outages, it disabled key equipment beyond repair and prevented remote monitoring/control of systems.
- This incident highlights the growing targeting of distributed energy systems, which often have less cybersecurity investment than centralised infrastructure, by sophisticated adversaries.

🗞️ The Record | therecord.media/poland-electri

Mustang Panda Updates CoolClient Backdoor with Infostealers 🐼
- Chinese espionage group Mustang Panda has updated its CoolClient backdoor, now capable of stealing browser login data and monitoring clipboards.
- The new variant, observed targeting government entities in Myanmar, Mongolia, Malaysia, Russia, and Pakistan, was deployed via legitimate Sangfor software, a shift from previous DLL side-loading tactics.
- It features enhanced core functions, a new clipboard monitoring module, active window title tracking, HTTP proxy credential sniffing, and deploys infostealers using hardcoded API tokens for services like Google Drive to evade detection.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fake Python Spellcheckers Deliver RATs on PyPI 🐍
- Two malicious packages, "spellcheckerpy" and "spellcheckpy," were found on PyPI, masquerading as legitimate spellcheckers but delivering a full-featured Python Remote Access Trojan (RAT).
- The payload was cleverly hidden within a Basque language dictionary file, base64-encoded, and triggered upon importing the "SpellChecker" module in versions 1.2.0 and later.
- The RAT downloads from a domain linked to Cloudzy, a hosting provider with a history of serving nation-state groups, and is suspected to be from the same actor behind a similar "spellcheckers" campaign in November 2025.

📰 The Hacker News | thehackernews.com/2026/01/fake

'Bizarre Bazaar' Operation Hijacks Exposed LLM Endpoints 🤖
- A new cybercrime campaign, dubbed 'Bizarre Bazaar', is actively targeting exposed Large Language Model (LLM) service endpoints to commercialise unauthorised access to AI infrastructure.
- Attackers exploit misconfigurations like unauthenticated Ollama endpoints (port 11434) and OpenAI-compatible APIs (port 8000) within hours of them appearing on Shodan/Censys.
- This operation involves a criminal supply chain for resource theft (crypto mining), reselling API access on darknet markets, data exfiltration from prompts, and lateral movement into internal systems via Model Context Protocol (MCP) servers.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fortinet FortiCloud SSO Zero-Day Under Active Exploitation (CVE-2026-24858) ⚠️
- Fortinet has confirmed a new, actively exploited critical FortiCloud SSO authentication bypass vulnerability (CVE-2026-24858, CVSS 9.4) affecting FortiOS, FortiManager, and FortiAnalyzer.
- Attackers are using FortiCloud accounts and registered devices to log into other customers' devices via FortiCloud SSO, creating rogue admin accounts (e.g., cloud-init@mail.io) and exfiltrating configurations.
- Fortinet has implemented server-side mitigations by blocking SSO connections from vulnerable firmware versions, and patches are currently in development. Admins should still consider disabling FortiCloud SSO if not strictly necessary and review logs for compromise indicators.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/fort
🕵🏼 The Register | go.theregister.com/feed/www.th

WinRAR Path Traversal Flaw (CVE-2025-8088) Widely Exploited 🎯
- A six-month-old, high-severity WinRAR path traversal vulnerability (CVE-2025-8088, CVSS 8.8) is under widespread active exploitation by both nation-state actors (Russia, China) and financially motivated cybercriminals.
- The exploit method involves crafting malicious RAR archives that, when opened, silently drop a malicious payload into critical system locations like the Windows Startup folder, often using decoy files and Alternate Data Streams (ADS).
- Google Threat Intelligence Group (GTIG) reports that Russian groups like RomCom, Sandworm, Gamaredon, and Turla are targeting Ukrainian military and government entities, while cybercriminals deploy commodity RATs and infostealers globally. Patching WinRAR to version 7.13 or later is crucial.

🤫 CyberScoop | cyberscoop.com/winrar-defect-a
📰 The Hacker News | thehackernews.com/2026/01/goog
🕵🏼 The Register | go.theregister.com/feed/www.th

Critical RCE and Sandbox Escape Flaws in Node.js vm2 and n8n 💻
- A critical sandbox escape vulnerability (CVE-2026-22709, CVSS 9.8) in the Node.js vm2 library allows attackers to run arbitrary code outside the sandboxed environment due to improper Promise handler sanitisation. Update to vm2 version 3.10.3 immediately.
- The n8n workflow automation platform is also affected by two critical vulnerabilities: CVE-2026-1470 (JavaScript AST sandbox escape) and CVE-2026-0863 (Python AST sandbox escape), both leading to full RCE on the main n8n node, even for authenticated non-admin users.
- These flaws highlight the inherent difficulty in safely sandboxing dynamic languages like JavaScript and Python; self-hosted n8n instances should update to versions 1.123.17, 2.4.5, 2.5.1 (for CVE-2026-1470) and 1.123.14, 2.3.5, 2.4.2 (for CVE-2026-0863) respectively.

📰 The Hacker News | thehackernews.com/2026/01/crit
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

SolarWinds Web Help Desk Plagued by Critical RCE and Auth Bypass Flaws 🛠️
- SolarWinds has released patches for multiple critical vulnerabilities in its Web Help Desk (WHD) software, including authentication bypass flaws (CVE-2025-40552, CVE-2025-40554) and remote code execution (RCE) bugs (CVE-2025-40553, CVE-2025-40551).
- These RCE flaws, stemming from untrusted data deserialisation, can be exploited by unauthenticated attackers to run commands on vulnerable hosts, while authentication bypasses allow remote unauthenticated access.
- Given WHD's widespread use in critical sectors and a history of its vulnerabilities being actively exploited, admins should upgrade to Web Help Desk 2026.1 without delay.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

AI's Impact on Zero-Trust and Data Accuracy 🤖
- Gartner predicts that by 2028, 50% of organisations will adopt a zero-trust data governance posture due to the rise of "unverified AI-generated data," leading to "model collapse" where LLMs degrade by training on their own erroneous outputs.
- This degradation can lead to confident-yet-plausible errors in critical tasks like code reviews and security triaging, eroding guardrails and creating prompt injection opportunities.
- To combat this, organisations need to identify and tag AI-generated data, establish active metadata practices, and filter out synthetic or toxic data from training inputs, treating human-generated data as the "gold standard."

🌑 Dark Reading | darkreading.com/application-se

Latin America Becomes Riskiest Region for Cyberattacks 📈
- Latin America and the Caribbean now lead globally in cyberattack frequency, experiencing an average of 3,065 attacks per week last year, a 26% year-over-year increase.
- Attacks are driven by a shift towards data-leak extortion, credential-stealing campaigns, exploitation of edge devices, and increased use of AI by attackers, with ransomware activity expected to accelerate further.
- The region's rapid digitalisation, valuable yet vulnerable industries, and increased interest from major cyber powers (including China-linked espionage) contribute to its elevated risk profile, urging improved ransomware resilience and GenAI governance.

🌑 Dark Reading | darkreading.com/cyber-risk/sur

Moltbot AI Assistant Raises Data Security Concerns 🧠
- The viral open-source Moltbot (formerly Clawdbot) AI assistant, popular for local hosting and deep system integration, is raising significant data security concerns due to insecure enterprise deployments.
- Careless configurations, especially behind reverse proxies, often lead to exposed admin interfaces allowing unauthenticated access, credential theft, conversation history leaks, and even root-level command execution.
- Security researchers warn that info-stealing malware will likely adapt to target Moltbot's local storage, stressing the importance of isolating AI instances in virtual machines with strict firewall rules rather than running them directly on host OS with broad permissions.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

WhatsApp Rolls Out 'Strict Account Settings' for High-Risk Users 🔒
- Meta's WhatsApp is introducing "Strict Account Settings," a new one-click lockdown mode designed to provide extreme safeguards for high-risk individuals like journalists and public figures against sophisticated cyberattacks, including spyware.
- This feature, found under Settings > Privacy > Advanced, automatically enables two-step verification, blocks media from unknown senders, silences calls from unknown numbers, turns off link previews, and restricts access to profile information.
- The move comes as WhatsApp also transitions to the Rust programming language for media processing to boost security, following past incidents of zero-day exploits and spyware attacks targeting its users.

🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

FBI Seizes RAMP Cybercrime Forum 🚨
- The FBI has seized the RAMP cybercrime forum, a notorious platform known for openly allowing the promotion of ransomware operations and advertising various malware and hacking services.
- Both the forum's Tor site and clearnet domain (ramp4u.io) now display an FBI seizure notice, indicating law enforcement has likely gained access to significant user data, including emails, IP addresses, and private messages.
- RAMP was launched in July 2021 by "Orange" (later identified as Mikhail Matveev, indicted by the U.S. DOJ for ransomware involvement) after other major Russian-speaking forums banned ransomware promotion, becoming a hub for gangs to recruit affiliates and sell network access.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #ActiveExploitation #WinRAR #Fortinet #NodeJS #SolarWinds #ThreatActors #MustangPanda #Malware #RAT #LLMjacking #AI #DataPrivacy #Regulatory #Darknet #Cybercrime #IncidentResponse

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2026-01-29

Months After Patch, #WinRAR Bug Poised to Hit SMBs Hardest. Russian and Chinese nation-state attackers are exploiting a months-old WinRAR #vulnerability, despite a #patch that came out last July.
darkreading.com/application-se
Well, don't use that proprietary software, just use a #freesoftware like #7zip instead: it can manipulate multiple compressed formats without #security #breach

JustGeek JustGeek
2026-01-28

⚠️ Google warns: hacker groups are still exploiting the WinRAR flaw

👉 justgeek.fr/faille-winrar-cve-

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 nemo@mas.to
2026-01-28

⚠️ Several hacker groups have been attacking WinRAR users for months via a critical security vulnerability. Malicious files are being delivered. Time for an update!

golem.de/news/sicherheitslueck

#Cybersecurity #WinRAR #Hacking #Sicherheit #Newz

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2026-01-28

This serious incident with #WinRAR is a reminder of how important it is to keep your software up to date. Who doesn't know WinRAR? The famous file archiving tool is very popular on #Windows. Well known to home users, it is just as well known to hackers.
numerama.com/tech/2169363-cet-
Bah, why use proprietary software when there is #freesoftware with similar features, such as #7zip for example?

AllAboutSecurity allaboutsecurity
2026-01-28

WinRAR vulnerability CVE-2025-8088: state actors and cybercriminals are massively exploiting the security flaw

CVE-2025-8088 is a high-risk path traversal vulnerability that attackers can exploit by manipulating Alternate Data Streams (ADS).

all-about-security.de/winrar-s

