Report an incident
Customer Portal
Inside RemCom’s Latest Evolution: Weaponizing WinRAR Vulnerability CVE-2025-8088 in 2025 Attacks
← Back to Labs
← Volver a Labs
Medium
Campaign, CVE
Persistence
EDR, Sysmon, Windows

Inside RemCom’s Latest Evolution: Weaponizing WinRAR Vulnerability CVE-2025-8088 in 2025 Attacks

WinRAR is one of the most popular file compression tools globally, known for its ability to efficiently compress, package and exchange files. In 2025, a critical security vulnerability designated CVE-2025-8088 was discovered in the Windows version of WinRAR. Criminal groups started abusing in, in particular RemCom (also called Tropical Scorpion) updated his TTPs weaponizing the winrar flaw ti archive initial access and persistence on compromized host.

Download PDF

labs correlati

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Medium
Bypass
Privilege Escalation
Sysmon, Windows

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

Learn more
BlueHammer windows Zero-Day
Medium
Bypass
Privilege Escalation
EDR, Sysmon, Windows

BlueHammer windows Zero-Day

Learn more
Weaponizing Windows Toast Notifications Abuse of ToastNotify.exe for Phishing and Credential Coercion
Medium
Bypass
Defense Evasion
EDR, Sysmon, Windows

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

Learn more
1 2 3 12

Contacts

Get in touch with us

Contact Us
Sorint.SEC
Via dell'Artigianato,
24046 Osio Sotto BG
Italy


+39 035 0510401
info@sec.sorint.it
Pages
Services
Certifications
chevron-right