The vulnerability allows attackers to bypass the Windows Mark-of-the-Web security boundary by using specially crafted RAR5 archives with Zone.Identifier stream entries to evade 7-Zip's guard mechanism.
Russian intelligence services are conducting a targeted campaign using fake SMS messages to steal credentials from Ukrainian and European government officials, military personnel, and activists , a strategic threat pattern for DACH organizations in government and critical infrastructure sectors.
Russian intelligence services are expanding their Signal-targeted phishing campaigns to extract Backup Recovery Keys, enabling access to historical messages and compromising the security of encrypted communications within organizations.