Start your day with intelligence. Get The OODA Daily Pulse.
Russian hackers have been observed exploiting a 7-Zip zero day against Ukrainian entities. The exploited flaw, tracked as CVE-2025-0411, was discovered in September 2024 in 7-Zip version 24.09. It was patched around two months later. The bug allows an attacker to bypass the Mark-of-the-Web (MoTW) protection mechanism, which prevents the automatic execution of untrusted files. Now, researchers have discovered that Russian hackers are using the vulnerability to target Ukrainian government entities and other organizations, likely for cyber espionage purposes.
Read more: https://www.securityweek.com/russian-hackers-exploited-7-zip-zero-day-against-ukraine/