7-Zip version 26.02 addresses a remote code execution vulnerability that allows attackers to run malicious code through specially crafted archive files. Users should update immediately.
7-Zip released version 26.02 to fix a critical remote code execution (RCE) vulnerability affecting the widely-used compression utility. The flaw enables attackers to execute arbitrary code on a victim's system by distributing malicious archive files.
The vulnerability exploits how 7-Zip processes compressed files. When users open a specially crafted archive, the application processes the malicious content in a way that permits code execution. This attack vector requires only user interaction—victims need to open the archive file, a common action for anyone receiving compressed data.
7-Zip's open-source nature and ubiquity across Windows, macOS, and Linux systems mean this vulnerability potentially affects millions of users. The application is standard software for handling .7z, .zip, .rar, and other archive formats, making it a practical target for attackers seeking widespread compromise.
The developers classified this as a critical security issue, warranting immediate attention. Version 26.02 patches the code execution pathway, preventing attackers from leveraging the vulnerability through archive manipulation.
Users are advised to update to version 26.02 or later without delay. Automated update mechanisms may not apply universally, so manual verification that your installation reflects the patched version is prudent. Users running older versions on production systems should prioritize this update.
While no active exploitation in the wild has been confirmed at this writing, the relative simplicity of weaponizing this flaw—requiring only distribution of malicious files—suggests attackers will likely develop exploits if they haven't already. Organizations should treat this as urgent.
For enterprise environments, administrators should push this update across their infrastructure. Users handling archives from untrusted sources should remain cautious even after patching, as updates sometimes lag across diverse systems.
Victoria's government is proposing laws to force social media and AI platforms to identify anonymous users accused of online vilification. Premier Jacinta Allan says the reforms aim to protect children online.
Scammers are targeting X users with phishing emails claiming suspicious login activity from new devices. The fake messages aim to steal passwords for cryptocurrency scams and further fraud.
Security analysis uncovered over 60 deceptive applications on Apple's App Store that masquerade as legitimate games and utilities but transform into gambling platforms when accessed from Brazilian IP addresses.
Russia's Federal Security Service announced the discovery of a large-scale spyware operation targeting senior government officials' mobile devices. The agency attributed the campaign to foreign intelligence agencies.