Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships.
This blog discusses the steganography, cloud abuse, and email-based backdoorsβ―used against theβ―Ukrainianβ―defense supply chainβ―in the latest Pawn Storm campaign that TrendAIβ’ Research observed and analyzed.
Login
