MEDIUMMalware
Global

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

·Source: The Hacker News

Updated:

Executive Summary

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an

Analysis

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an

Indicators of Compromise (1)

CVE (1)
CVE-2025-8088
NVDMITRE CVE
Source Attribution

Originally published by The Hacker News on Jun 2, 2026.

Related Threats

CRITICALAi

Trump revives parts of canceled AI order with cybersecurity-focused directive

US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI initiative that he abruptly shelved less than two weeks ago. The order, “ Promoting Advanced Artificial Intelligence Innova

CSO Online
MEDIUMMalware

The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs

Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. Malware beaconed to attacker-operated servers hosted on rented VPS infrastructure or compromised websites, and defenders focused on identifying those endpoints through IP reputation, domain intelligence, and network blocking. Cloud computing ha

Qualys Blog
MEDIUMApt

LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine

ESET researchers show how Gamaredon facilitated Turla access to Ukrainian targets, revealing rare cooperation between FSB-linked espionage groups.

SentinelLabs