High-severity WinRAR 0-day exploited for weeks by 2 groups - Ars Technica

Exploits allow for persistent backdooring when targets open booby-trapped archive.