🚨 Google has linked Turla to a new .NET backdoor.

STOCKSTAY was used in espionage campaigns targeting #Ukraine government and military organizations.

It overlaps with Kazuar and reached targets through phishing, RDP files, MSI installers, and #WinRAR CVE-2025-8088 lures.

See the full attack details 🠖 https://thehackernews.com/2026/06/google-details-turlas-new-stockstay.html

🖥️ 6 meilleures alternatives gratuites à WinRAR

👉 https://www.justgeek.fr/alternatives-gratuites-winrar-152200/

#WinRAR #Logiciels #OpenSource #Windows11 #Compression #Informatique

Analysis of Gamaredon campaign targeting Ukraine weaponizing CVE-2025-8088

A campaign exploiting the WinRAR path-traversal vulnerability CVE-2025-8088 has been actively targeting Ukraine since February 2026, with ongoing activity through June 2026. The operation uses Ukrainian military and conscription-themed documents as lures, distributed as RAR archives. The malicious archives contain NTFS alternate data streams with path-traversal sequences that automatically place LNK files into the Windows Startup folder upon extraction. These shortcuts execute hidden PowerShell stagers incorporating anti-analysis techniques including debugger checks, disk-space verification, and sleep delays to evade sandbox detection. The persistent nature of the attacks demonstrates continuous targeting of Ukrainian entities over a four-month period using social engineering focused on military documentation themes.

Pulse ID: 6a34c6344468a941c924c02c
Pulse Link: https://otx.alienvault.com/pulse/6a34c6344468a941c924c02c
Pulse Author: AlienVault
Created: 2026-06-19 04:31:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Gamaredon #InfoSec #LNK #Military #OTX #OpenThreatExchange #PowerShell #RAT #SocialEngineering #UK #Ukr #Ukraine #Ukrainian #Vulnerability #WinRAR #Windows #bot #AlienVault

Ok cool, my archivers are up to date.

#7Zip #WinRAR

Akira, LimeWire, and the Sour Taste of Data Exfiltration

In a recent ransomware attack, threat actors accessed a victim's hypervisor and created a new virtual machine to stage and launch Akira ransomware. The forensic investigation revealed the attackers disabled Microsoft Defender immediately, installed WinRAR for data staging, and used Easyupload.io, a file transfer website owned by LimeWire, for data exfiltration. The threat actor also utilized WinSCP and enumerated Active Directory users and computers. The newly instantiated VM lacked security tooling, allowing the attacker to operate uninhibited. Analysis of the VHDX file provided clear evidence of the attack progression, showing the threat actor moved quickly through their operations without employing sophisticated anti-forensics techniques. The incident highlights the need for organizations to monitor environments for unusual access and new endpoint creation.

Pulse ID: 6a2c3a9558633c03af0b3177
Pulse Link: https://otx.alienvault.com/pulse/6a2c3a9558633c03af0b3177
Pulse Author: AlienVault
Created: 2026-06-12 16:57:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Akira #CyberSecurity #Endpoint #ICS #InfoSec #Mac #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RAT #RansomWare #WinRAR #WinSCP #bot #AlienVault

A WinRAR está a celebrar a compra de licenças pelos seus clientes com posts na rede social X. A marca aproveitou para relembrar os tempos em que os utilizadores tentavam extrair ficheiros durante o período de teste 📦

🔗 https://tugatech.com.pt/t85533-winrar-celebra-compra-de-licencas-e-relembra-tempos-de-extrair-ficheiros

#compra #winrar