Ars Technica

Execute shell scripts via Safari (new exploit vector)

Well, here we go boys and girls.<BR><BR>Of course, you're not running as Administrator, so this isn't a problem for you, right? And you were probably smart enough to uncheck the <B>Open "Safe" files ...
Bleeping Computer

WinRAR SFX archives can run PowerShell without being detected

Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target ...