Security firm ESET has reported that a high-severity zero-day vulnerability in WinRAR is being actively exploited by two Russian cybercrime groups. This vulnerability allows attackers to install persistent backdoors on systems when users open malicious files compressed with WinRAR. The zero-day, meaning it was previously unknown to the software vendor, poses a significant risk to WinRAR users as it can grant unauthorized access and control over their computers. Users are advised to update WinRAR immediately if a patch is available and to exercise caution when opening files from untrusted sources.