Zombie ZIP: The Malware Trick Antivirus Tools Can’t See
A newly documented technique called Zombie ZIP allows malware to hide inside a deliberately malformed archive file, bypassing nearly every major antivirus and endpoint detection tool on the market. Security researcher Chris Aziz of Bombadil Systems discovered the technique and tested it against 51 antivirus engines on VirusTotal. It bypassed 50 of them. The CERT Coordination Center has since issued

BlackSanta Malware Is Silently Targeting HR Departments
Hiring managers open files from strangers every single day. That routine habit is exactly what a Russian-speaking threat actor has been exploiting for more than a year. Cybersecurity researchers at Aryaka recently uncovered the BlackSanta malware campaign: a sophisticated operation that disables endpoint security tools at the kernel level before the victim notices anything wrong. The campaign ran largely undetected

KadNap Botnet Turns ASUS Routers into Cybercrime Proxies
Cybersecurity researchers have uncovered a growing KadNap botnet that hijacks ASUS routers and other edge networking devices to power a large proxy network used in cybercrime. The malware quietly infects vulnerable devices and converts them into traffic relays that attackers can rent or use to conceal malicious activity. The campaign demonstrates how home and small-business networking hardware can become valuable

InstallFix Attacks Spread Infostealers via Fake Claude Code Guides
Cybercriminals have launched a new campaign using InstallFix attacks to distribute information-stealing malware through fake Claude Code installation guides. The operation targets developers searching for instructions to install Anthropic’s Claude Code CLI. Instead of legitimate documentation, victims land on convincing clone pages that contain malicious terminal commands. Security researchers discovered that these pages replicate official documentation almost perfectly. However, the

Phobos Ransomware Admin Pleads Guilty to Wire Fraud
A key administrator behind the Phobos ransomware operation has pleaded guilty to wire fraud conspiracy in a U.S. federal court. The case marks another major development in international efforts to disrupt ransomware networks responsible for attacks on businesses and public institutions worldwide. Authorities identified Evgenii Ptitsyn, a Russian national, as one of the administrators who helped run the Phobos ransomware

HungerRush Extortion Emails Target Restaurant Customers
Restaurant customers across the United States recently received alarming messages tied to HungerRush extortion emails, a campaign that attempted to pressure the restaurant technology provider with threats of data exposure. The attacker distributed mass emails directly to patrons of restaurants using the HungerRush platform, claiming to possess sensitive data and demanding payment. Early reports quickly circulated online as recipients shared

Star Citizen Data Breach Exposes User Data
Star Citizen data breach disclosures have raised concerns about how game developers secure user information stored in backup systems. Cloud Imperium Games confirmed that attackers accessed part of its infrastructure in January 2026, exposing certain account details linked to player profiles. The company stated that no passwords or payment information were compromised, but the incident still highlights the risks tied

AWS Data Centers Hit by Drone Strikes
AWS data centers in the Middle East sustained physical damage after drone strikes hit facilities in the United Arab Emirates and Bahrain. The incident disrupted cloud services and forced emergency response measures inside critical infrastructure sites. The event highlights a growing reality for global technology providers. Digital services may operate in the cloud, but the infrastructure behind them remains vulnerable

QuickLens Chrome Extension Steals Crypto in ClickFix Attack
A routine browser update can quickly turn into a security disaster. That is exactly what happened when the QuickLens Chrome extension received a malicious update that transformed it into a crypto-stealing tool. The QuickLens Chrome extension originally offered Google Lens-style search features and gained around 7,000 users in the Chrome Web Store. After a change in ownership, version 5.8 introduced

Arkanix Stealer Emerges as AI-Built Malware Test
Arkanix Stealer appeared suddenly on underground forums and disappeared almost as quickly. Security researchers describe it as a short-lived infostealer that likely relied on AI-assisted development techniques. Although the campaign did not last long, Arkanix Stealer highlights how rapidly cybercriminals can now build and test new malware strains. Researchers first observed the malware being promoted through dark web channels, complete
