Technology

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

Source

Tom's Hardware

Published

Mar 13, 2026

TL;DR

AI Generated

A new vulnerability called Zombie ZIP allows malware to bypass 95% of antivirus apps by disguising compressed data as uncompressed in ZIP files. This trick evades detection as the data appears as random bytes to antivirus software. The flaw has been exploited in a proof-of-concept Python script that can easily extract malware from corrupted ZIP files. Security experts recommend caution with ZIP files until antivirus solutions catch up with this issue.

Read Full Article

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

Microsoft is investigating a compromise of the mistralai PyPI package, where attackers injected malicious code that automatically executed on import, downloaded a secondary payload, and launched malware on Linux systems. The compromised package contained code that silently downloaded a file and executed it in the background, potentially stealing credentials and executing destructive commands. This incident is part of the broader "Mini Shai-Hulud" software supply-chain campaign affecting npm and AI developer ecosystems. Additionally, security firm Aikido warned of compromised TanStack JavaScript packages and Mistral npm SDK packages in separate attacks, urging developers to rotate credentials if affected. The incidents highlight the increasing targeting of developer infrastructure, emphasizing the importance of securing high-value credentials in modern development environments.

Tom's Hardware•

3 hours ago

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

A cyberattack disrupted the Canvas online learning platform during final exams, prompting chaos at schools and colleges in the US. Instructure, Canvas's parent company, temporarily took the platform offline after detecting unauthorized activity in its network. The threat actor responsible for the breach had also been involved in a previous data breach. While user data like names and email addresses were accessed, sensitive information like passwords and financial details were reportedly not compromised. The ransomware group ShinyHunters claimed responsibility for the breach, affecting millions of individuals associated with thousands of schools. Other learning platforms, like PowerSchool, have also fallen victim to cyberattacks in the past.

Ars Technica•

3 days ago

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

The widely used Daemon Tools disk app has been backdoored in a monthlong supply-chain attack, as reported by security firm Kaspersky. Malicious updates were pushed from the developer's servers starting on April 8, affecting versions 12.5.0.2421 through 12.5.0.2434 on Windows. Infected versions collect sensitive data and send it to an attacker-controlled server, targeting machines in over 100 countries. This incident joins a list of supply-chain attacks, highlighting the challenge of defending against such sophisticated attacks that exploit trusted update channels. Organizations are advised to carefully monitor machines with Daemon Tools installed for any suspicious activities post-April 8.

Ars Technica•

6 days ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firm Checkmarx has been targeted in a series of supply-chain attacks over the past six weeks, with malware being pushed to customers through compromised accounts. The attacks began with the breach of the Trivy vulnerability scanner, leading to malware being distributed to Checkmarx users. Checkmarx's GitHub account was also compromised, leading to the dissemination of malware to its users. The company faced additional malware pushes, indicating ongoing security challenges. A ransomware group known as Lapsu$ recently dumped Checkmarx's private data on the dark web, suggesting persistent access by attackers.

Ars Technica•

1 week ago

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

Tom's Hardware•

3 hours ago

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Ars Technica•

3 days ago

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Ars Technica•

6 days ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Ars Technica•

1 week ago

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

TL;DR

Similar Articles

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

We use cookies

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

TL;DR

Similar Articles

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden