WinRAR 0-day & BadSuccessor Flaw: Microsoft’s Critical Fixes

Summary
– Two threat actors exploited a WinRAR zero-day vulnerability (CVE-2025-8088), including the group Paper Werewolf targeting Russian organizations.
– Among the 100+ fixes in its August 2025 updates, Microsoft patched a Kerberos vulnerability (CVE-2025-53779) that enables privilege escalation via the BadSuccessor attack.
– Vulnerabilities in N-central RMM software (CVE-2025-8875, CVE-2025-8876) are being actively exploited, posing risks to managed service providers.
– A Croatian research institute confirmed a ransomware attack via Microsoft SharePoint “ToolShell” vulnerabilities, affecting thousands globally.
– Fortinet addressed a critical FortiSIEM vulnerability (CVE-2025-25256) after exploit code appeared, while brute-force attacks targeted Fortinet SSL VPNs.

Recent cybersecurity threats have escalated with critical vulnerabilities affecting major platforms, requiring immediate attention from IT teams worldwide. Two significant flaws, WinRAR’s zero-day exploit (CVE-2025-8088) and Microsoft’s “BadSuccessor” Kerberos vulnerability (CVE-2025-53779), have dominated security discussions, with active exploitation already reported.
Russian cybersecurity firm BI.ZONE confirmed that WinRAR’s zero-day was leveraged by multiple threat actors, including the group Paper Werewolf, targeting Russian organizations. Meanwhile, Microsoft’s August 2025 Patch Tuesday addressed over 100 vulnerabilities, including the BadSuccessor flaw, which allows privilege escalation in Windows Kerberos.
Remote monitoring and management (RMM) solutions also faced attacks, with N-central (CVE-2025-8875, CVE-2025-8876) exploited in the wild. Fortinet devices, meanwhile, saw a surge in brute-force attacks, raising concerns about a possible zero-day exploit. Fortinet later patched a critical FortiSIEM vulnerability (CVE-2025-25256) after exploit code surfaced publicly.
The Ruđer Bošković Institute (RBI) in Croatia confirmed a ransomware attack linked to Microsoft SharePoint’s “ToolShell” vulnerabilities, affecting thousands of institutions globally. Meanwhile, SafeBreach researchers uncovered flaws in Windows Active Directory, including CVE-2025-32724, which could turn domain controllers into DDoS attack tools.
Advanced Persistent Threat (APT) groups are shifting tactics, targeting executives’ personal devices and home networks. Simultaneously, Citrix NetScaler ADC and Gateway faced prolonged zero-day exploitation due to CVE-2025-6543 (CitrixBleed 2), a critical buffer over-read flaw.
On the defensive front, NIST finalized a lightweight cryptography standard for small devices, while DNS threats gained prominence in enterprise risk assessments. Despite increased budgets, healthcare breaches continue to rise, driven by ransomware and third-party compromises.
For professionals seeking career growth, free AI courses from Microsoft, AWS, and Google offer skill enhancement, while new cybersecurity job listings provide opportunities across experience levels.
Product highlights include the Apricorn Aegis NVX, a high-security portable SSD, and new releases from Brivo, Envoy, and Rubrik, showcasing the latest in infosec innovation.
The evolving threat landscape underscores the need for proactive patching, identity security hardening, and strategic pentesting to mitigate risks effectively.
(Source: HelpNet Security)