Google Warns Hackers Still Exploiting Patched WinRAR Vulnerability on Windows

Google has issued a warning that hackers are actively exploiting a previously patched vulnerability in the popular file compression software WinRAR to compromise Windows computers. Despite the security flaw having been addressed, threat actors suspected of affiliations with Russia and China continue to leverage this weakness as part of their attack strategies.

Details of the Ongoing Exploitation

The vulnerability, associated with WinRAR’s file archiving and compression functionality on Windows platforms, was publicly disclosed and patched by the developers some time ago. However, Google’s cybersecurity teams have identified ongoing malicious activity that relies on exploiting this flaw to gain unauthorized access to targeted systems. These attacks often serve as vectors for broader intrusion campaigns and data breaches.

Google’s alert highlights the persistence of cyber adversaries in taking advantage of known vulnerabilities that remain unpatched or inadequately protected in user environments. The continuing exploitation underscores the critical need for robust patch management practices and cybersecurity hygiene among Windows users utilizing WinRAR for file management tasks.

The groups behind these intrusions are believed to have ties to Russian and Chinese cyber operations, signaling a sustained interest from state-affiliated actors in penetrating enterprise and potentially government networks through widely used software tools.

While Google did not provide details on the exact mechanisms or payloads involved in the attacks, the company’s advisory serves to raise awareness about the ongoing risks posed by legacy vulnerabilities, even after patches are released.

This development is part of a broader pattern where cybercriminals and advanced persistent threat groups exploit known software weaknesses as entry points into Windows environments. Such tactics underline the importance of timely security updates and monitoring for suspicious activity related to common utilities like WinRAR.

Looking ahead, attention will focus on whether further mitigation steps emerge from software vendors or security providers to counteract this persistent exploitation. Organizations and users are encouraged to verify that security patches for WinRAR and related software are applied and to maintain vigilance against suspicious file activity consistent with compromise attempts.

Google warns that hackers linked to Russia and China continue to exploit a patched WinRAR flaw to target Windows systems.
