File-compression utility WinRAR has released version 7.13 to close CVE-2025-8088, a high-severity zero-day vulnerability that allowed attackers to plant executables in protected Windows directories via specially crafted RAR archives. Security firm ESET says the flaw has been exploited since mid-July by two Russian cyber-crime groups, RomCom and a separate outfit tracked as Paper Werewolf, chiefly through spear-phishing emails that masqueraded as job applications. Because WinRAR lacks an auto-update mechanism, hundreds of millions of Windows installations remain exposed until users manually install the update. ESET's telemetry shows the exploit lets the malware gain persistence by writing to %APPDATA% or Startup folders, giving attackers remote access for data theft and further payload delivery. The researchers reported the bug on July 18; RARLAB issued a fix 12 days later. Unix, Android and other non-Windows builds of WinRAR are not affected.

Separately, the Dutch National Cyber Security Centre warned that CVE-2025-6543, a critical memory-overflow flaw rated 9.2 on the CVSS scale, has been used as a zero-day since early May to breach several 'critical' organisations running Citrix NetScaler ADC and Gateway appliances. Citrix shipped patches in late June, and administrators are urged to install the corrected versions (14.1-47.46, 13.1-59.19 and 13.1-37.236-FIPS/NDcPP), terminate all active sessions and scan for rogue PHP files and new admin accounts left by the intruders.
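The article does not say how the crafted archives trigger CVE-2025-8088, only what the result is: executables written outside the folder the user extracts to, including %APPDATA% and Startup. As an added defender-side illustration (not code from ESET, RARLAB or the article), the Python below walks the block headers of a RAR5 archive without extracting anything, using the published RAR5 header layout, and flags any stored entry name that would leave the extraction directory or land in those persistence locations; the sample archive and entry names are constructed in the block, and the triage rules are a generic pre-extraction sanity check rather than a signature for this specific bug.

```python
import struct, zlib
SIG = b"Rar!\x1a\x07\x01\x00"                                   # RAR5 signature
PERSIST_HINTS = ("appdata\\", "start menu\\programs\\startup")  # locations the article names
SAMPLE = ["report.txt", "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe", "C:\\ProgramData\\svc.exe"]  # constructed entry names
def read_vint(buf, pos):  # RAR5 varint: 7 bits per byte, low bits first, high bit = continue
    value, shift = 0, 0
    while buf[pos] & 0x80:
        value, shift, pos = value | (buf[pos] & 0x7F) << shift, shift + 7, pos + 1
    return value | buf[pos] << shift, pos + 1
def rar5_entry_names(blob):  # walk the block headers; nothing is decompressed or written
    if not blob.startswith(SIG): raise ValueError("not a RAR5 archive")
    pos, names = len(SIG), []
    while pos < len(blob):
        crc = struct.unpack_from("<I", blob, pos)[0]
        hsize, body = read_vint(blob, pos + 4)         # size spans type .. extra area
        if zlib.crc32(blob[pos + 4:body + hsize]) != crc: raise ValueError("bad header CRC at %d" % pos)
        htype, p = read_vint(blob, body)
        (hflags, p), data = read_vint(blob, p), 0
        if hflags & 0x01: _, p = read_vint(blob, p)     # extra area size (inside hsize)
        if hflags & 0x02: data, p = read_vint(blob, p)  # packed data size (follows header)
        if htype == 2:                                  # file header
            fflags, p = read_vint(blob, p)
            for _ in range(2): _, p = read_vint(blob, p)            # unpacked size, attrs
            p += 4 * bool(fflags & 0x02) + 4 * bool(fflags & 0x04)  # mtime, data CRC
            for _ in range(2): _, p = read_vint(blob, p)            # compression, host OS
            nlen, p = read_vint(blob, p)
            names.append(blob[p:p + nlen].decode("utf-8", "replace"))
        pos = body + hsize + data
    return names
def suspicious_entries(names):  # names that would escape the extraction dir or persist
    out = []
    for name in names:
        norm, why = name.replace("/", "\\"), []
        if ".." in norm.split("\\"): why.append("parent-directory traversal")
        if norm.startswith("\\") or norm[1:2] == ":": why.append("absolute path")
        if any(h in norm.lower() for h in PERSIST_HINTS): why.append("persistence location")
        if why: out.append((name, why))
    return out
def vint(n):  # varint encoder, used only to build the constructed sample below
    out = b""
    while n > 0x7F: out, n = out + bytes([n & 0x7F | 0x80]), n >> 7
    return out + bytes([n])
def build_rar5(names):  # constructed sample archive: empty stored entries, main + end headers
    def block(htype, fields):
        hdr = vint(2 + len(fields)) + vint(htype) + vint(0) + fields  # header flags = 0
        return struct.pack("<I", zlib.crc32(hdr)) + hdr
    blob = SIG + block(1, vint(0))
    for nb in (n.encode("utf-8") for n in names):
        blob += block(2, vint(0) * 2 + vint(0x20) + vint(0) * 2 + vint(len(nb)) + nb)
    return blob + block(5, vint(0))
```

Running `suspicious_entries(rar5_entry_names(build_rar5(SAMPLE)))` flags the Startup-bound traversal entry and the absolute path while leaving `report.txt` alone; a mail gateway or endpoint script can apply the same listing step to real attachments before any extraction happens.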
A WinRAR zero-day vulnerability was exploited in the wild by the Russia-linked RomCom threat group, @ESET reported. #cybersecurity #infosec #ITsecurity https://t.co/Rl9UsWGMbN
Still using WinRAR? It might be time for an update, as a zero-day vulnerability is being 'exploited in the wild in the guise of job application documents' https://t.co/MJu3sYod85
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks: https://t.co/XiufIQ30tQ by The Hacker News #infosec #cybersecurity #technology #news