On February 4, 2025, researchers at Trend Micro published a blog post detailing how Russian-linked threat actors exploited a zero-day vulnerability in 7-Zip, identified as CVE-2025-0411.

Attackers used compromised email accounts to send malicious archives. The campaigns relied on homoglyph attacks, where visually similar characters are used to deceive users into opening malicious files.
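As an added example (not taken from the original post or the reports it cites), a mail or archive scanning step can flag member names in which a single dot-separated segment mixes Latin letters with letters from another script, which is what a homoglyph-disguised name or extension looks like. The function names and the sample filenames are constructed for illustration.

```python
import unicodedata


def script_of(ch):
    """Coarse script label for a letter, taken from the first word of its Unicode name."""
    if not ch.isalpha():
        return None  # digits, punctuation and spaces carry no script signal
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"  # LATIN, CYRILLIC, GREEK, ...


def mixed_script_segments(filename):
    """Return [(segment, scripts)] for segments mixing Latin with another script.

    Checking per segment keeps a fully non-Latin base name with a Latin
    extension (a normal localized filename) from being flagged.
    """
    findings = []
    for segment in filename.split("."):
        scripts = {s for s in map(script_of, segment) if s}
        if "LATIN" in scripts and len(scripts) > 1:
            findings.append((segment, sorted(scripts)))
    return findings


def scan(names):
    """Map each flagged name to its findings; clean names are omitted."""
    return {n: f for n in names if (f := mixed_script_segments(n))}


# Constructed sample names (escapes used so the look-alike letters are explicit).
SAMPLES = [
    "invoice.do\u0441",                   # extension ends in Cyrillic 'es', renders like "doc"
    "p\u0430yment.pdf",                   # Cyrillic 'a' inside the base name
    "\u043e\u0442\u0447\u0435\u0442.pdf",  # all-Cyrillic base name, Latin extension: normal
    "r\u00e9sum\u00e9.docx",              # accented Latin letters only: normal
    "report_2025.docx",
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(ascii(name), findings)
```

Names flagged this way are candidates for quarantine or analyst review rather than proof of malice, since some legitimate names do mix scripts within one segment.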

While there is no single "official" blog post titled exactly "0NB.7z," recent threat intelligence reports and security blog posts from early 2025 detail a critical exploitation involving archives and a zero-day vulnerability.

Security Vulnerability: CVE-2025-0411

Analysis from ThreatLocker highlights that attackers prefer tools like 7-Zip because they are often pre-approved in corporate environments, making it difficult for standard antivirus software to flag their use as malicious.
