Hackers have exploited a WPS Office zero-day to deploy dangerous malware

Popular workplace productivity software suite WPS Office had a vulnerability that allowed some threat actors to deploy backdoors on their targets' endpoints, experts said.

ESET cybersecurity researchers discovered that WPS Office was vulnerable to an improper path validation flaw, tracked as CVE-2024-7262. It has a severity score of 9.3 (critical) and affects several versions (from 12.2.0.13110 to 12.1.0.16412). The first patch to fix the issue was released in March 2024, but some threat actors were reportedly already exploiting it a month earlier.

scroll to top