New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new cyberespionage group named Amaranth Dragon, linked to APT41, exploited the CVE-2025-8088 vulnerability in WinRAR to target government and law enforcement agencies in Southeast Asia. The group used the flaw to deliver malicious payloads, combining legitimate tools with the Amaranth Loader for increased stealth. Check Point reports that the group has been active since March 2025 and has used geofencing to restrict attacks to specific countries.