A Southeast Asia cyber-espionage campaign targets governments via a fake WinRAR file exploiting CVE-2025-8088 in a multi-stage attack.