Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

June 2, 2026
No Comments

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation.

Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an

Leave a Reply Cancel reply

Palo Alto warns of active exploitation of GlobalProtect authentication bypass flaw June 2, 2026
Palo Alto Networks has alerted customers about the ongoing exploitation of the authentication bypass vulnerability in PAN-OS GlobalProtect. The vulnerability, tracked as CVE-2026-0257, lets unauthenticated actors bypass security measures and set up unsanctioned connections to vulnerable GlobalProtect portals and gateways. A high CVSS score of 7.8 was assigned for this vulnerability. This issue was first […]
Kirsten Doyle
CrowdStrike, Google, and Shadowserver Foundation disrupt Glassworm botnet June 1, 2026
CrowdStrike has shared details of a coordinated operation used to disable the Glassworm botnet, which targets software developers and leverages open-source ecosystems to deploy malware. The CrowdStrike Counter Adversary Operations team, in partnership with Google and the Shadowserver Foundation, took down all four C2 centers of the Glassworm network on 26 May by disrupting all […]
Kirsten Doyle
Artificial intelligence and elections: When an election is annulled because of TikTok June 1, 2026
On 6 December 2024, the Constitutional Court of Romania took an unprecedented step: it annulled the first round of the country’s presidential election. Not over ballot-box fraud, nor over irregularities in the count, but because one candidate, the previously unknown Călin Georgescu, had emerged in first place through a coordinated influence operation on TikTok, with […]
Theofanis Kasimis
Threat Actors Deploy Tiflux RMM for Persistent Remote Access May 29, 2026
Threat actors are abusing legitimate RMM tools as a means of creating persistence inside victims’ systems, using the Tiflux RMM tool. Tiflux is a reputable Brazilian software platform used by IT departments and Managed Service Providers (MSPs) for managing IT assets, tickets, teams, and remote monitoring. As reported by Huntress, the campaign is using Tiflux […]
Kirsten Doyle
Building cyber resilience for mission-critical operations in 2026 May 27, 2026
For a long time, cybersecurity has been viewed as a technology-based problem, with leaders focused on crafting intelligent protective systems designed to prevent major attacks. However, as the threats faced by modern organizations grow increasingly sophisticated, agile, and unpredictable, the way teams approach cybersecurity must evolve. In a landscape where threats evolve faster than many […]
Sean Toohey
Major US telecom providers debut C2 ISAC to counter AI-driven threats May 26, 2026
Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks. The new cybersecurity partnership, the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), has been launched by eight […]
Kirsten Doyle
Passwordless security and the new identity battleground May 26, 2026
For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passkeys, biometrics, device trust, and adaptive identity management solutions are often cited as the key to the next level of security, while attackers are focusing on directly targeting our identity infrastructure. Session hijacking, […]
Kirsten Doyle
Verizon DBIR 2026: What the experts are saying May 21, 2026
According to the 2026 Verizon Data Breach Investigations Report, the threat environment is transforming in terms of speed, scale, and interconnected risk. For the first time in its history, vulnerability exploitation was identified as the top initial access vector, representing 31% of attacks, and the report found that ransomware, third-party attacks, and misuse of AI are all on the […]
Kirsten Doyle
Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground May 20, 2026
The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against. Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the DBIR reveals a changing face to how attackers get in, how fast vulnerabilities are exploited, […]
Kirsten Doyle
How EM is boosting the career trajectory of VM analysts May 19, 2026
As organizations shift from vulnerability management (VM) to exposure management (EM), the role of the VM analyst must evolve or become outmoded. This necessary transition forces analysts to move beyond the job description of scanning and patching and into more strategic, business-aligned roles. AI has necessitated this change in many areas of security, from SOCs to CISOs, […]
Katrina Thompson

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

How Leading Organizations Are Turning EDR Into Operational Resilience

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

Leave a Reply Cancel reply

[email protected]

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Share :

Leave a Reply Cancel reply