This article examines how the Russian threat group Primitive Bear uses a recently discovered WinRAR vulnerability (CVE-2025-6218) to launch malware attacks targeting Ukrainian entities. The analysis highlights the group's methodology, including the use of deceptive file names to trick victims into executing malicious scripts.

Russian malware known as Spypress is exploiting vulnerabilities in webmail services to spy on Ukrainian users, particularly targeting Gmail and Yahoo accounts. The malware facilitates unauthorized access to sensitive information, raising significant security concerns amid ongoing conflict.