Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake updates & web injections.

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025–8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads.

The security issue is a path traversal flaw that leverages Alternate Data Streams (ADS) to write malicious files to arbitrary locations. Attackers have exploited this in the past to plant malware in the Windows Startup folder, for persistence across reboots.

Researchers at cybersecurity company ESET discovered the vulnerability and reported in early August 2025 that the Russia-aligned group RomCom had been exploiting it in zero-day attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers within three weeks.

Patched in June 2024, this security flaw (CVE-2024–37079) stems from a heap overflow weakness in the DCERPC protocol implementation of vCenter Server (a Broadcom VMware vSphere management platform that helps admins manage ESXi hosts and virtual machines).

Threat actors with network access to vCenter Server may exploit this vulnerability by sending a specially crafted network packet that can trigger remote code execution in low-complexity attacks that don’t require privileges on the targeted systems or user interaction.