The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
SecurityWeek

APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability

CVE-2025-8088, a WinRAR vulnerability patched in July 2025, has been widely exploited by state-sponsored threat actors and cybercriminals.
MUO on MSN

I ditched WinRAR for this open-source tool and it's not 7-Zip

All the power of 7-Zip, without the 2005 vibes.

WinRAR path traversal flaw still exploited by numerous hackers

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity ...