7-zip
-
A vulnerability, which was classified as critical, was found in 7-zip up to 18.01 on Windows. Affected is the function LsaAddAccountRights of the component Access Restriction. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2018-10172. It is possible to launch the attack remotely. There is no exploit available. It is recommended…
-
Since the full-scale invasion of Ukraine, cybercriminal groups of Russian origin have relentlessly targeted the Ukrainian state bodies and business sectors for espionage and destruction. Recently, cybersecurity researchers uncovered a massive cyber-espionage campaign exploiting a 7-Zip zero-day vulnerability to deliver SmokeLoader malware. The campaign’s ultimate objective was cyber espionage, intensifying the digital frontlines of the…
-
A recently patched security flaw in the 7-Zip archiver, tracked as CVE-2025-0411 (CVSS score: 7.0), has been actively exploited by Russian cybercrime groups to deploy the SmokeLoader malware. The flaw enables attackers to bypass Windows’ Mark-of-the-Web (MotW) protections, allowing malicious code execution under the current user’s privileges. 7-Zip addressed the vulnerability in November 2024 with…
-
Espionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass Hits. Russian hackers targeting Ukrainian government agencies and businesses – including a major automotive manufacturer – have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware.
-
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. […]
-
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411): Mark-of-the-Web (MotW) is a zone identifier used by the Windows operating system to flag files downloaded from…
-
A newly identified zero-day vulnerability in the widely used 7-Zip archiving software has been designated as CVE-2025-0411. This critical flaw, which was exploited in the wild, is enabling threat actors to bypass vital Windows security protections and deploy SmokeLoader malware. The campaign has predominantly targeted Ukrainian organizations, with experts suspecting links to Russian cybercrime groups amid the…
-
A vulnerability was found in 7-zip. It has been classified as problematic. This affects an unknown part of the component Mark-of-the-Web. The manipulation leads to protection mechanism failure. This vulnerability is uniquely identified as CVE-2025-0411. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
-
A high-severity vulnerability in 7-Zip has been discovered, allowing attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature and execute malicious code during file extraction. 7-Zip lacks an auto-update function, requiring users to manually update the software.
-
The vulnerability could enable attackers to use nested archives to bypass Windows security warnings.
-
The vulnerability CVE-2025-0411 has been discovered in the popular 7-Zip file archiver software, allowing attackers to bypass the Mark-of-the-Web protection mechanism. CVE-2025-0411 has a 7.0 CVSS rating. The vulnerability was quickly fixed, but since the program doesn’t have an automatic update mechanism, some users may still have a vulnerable version. That’s why we recommend immediately…
-
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers when extracting malicious files from nested archives. […]
-
Compression utilities like 7-Zip have become essential tools for managing and storing data efficiently. Renowned for its high compression ratio and versatility, 7-Zip has earned millions of fans, from individual consumers to IT professionals around the globe. However, even trusted software can contain vulnerabilities. Recently, a security flaw was discovered within 7-Zip that may allow remote…
-
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely.