Zip Archives

Tech Optimizer

March 13, 2026

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

The Zombie ZIP exploit is a vulnerability that allows malware to bypass most antivirus solutions by misleading them about the nature of ZIP file contents. It takes advantage of the ZIP file structure, presenting itself as uncompressed data while hiding compressed information. This vulnerability can be easily implemented in Python with minimal code. The Computer Emergency Response Team (CERT) has issued advisory VU#976247, and the vulnerability is listed as CVE-2026-0866. Systems administrators are advised to be vigilant regarding ZIP files on their networks.

Winsage

March 13, 2026

These 4 open-source apps fixed Windows’ biggest problems

Windows operating system has evolved over the years, but initially, it often required external tools for tasks like video playback, file compression, secure connections, and file transfers. VLC Media Player addressed the issue of codec compatibility in video playback by bundling its own codecs, making it a widely used media player. 7-Zip improved file compression on Windows by offering superior efficiency, extensive format support, and user-friendly features, becoming essential for archiving tasks. PuTTY provided Windows users with their first effective SSH client, allowing secure terminal connections to remote servers, and remains popular despite Microsoft integrating OpenSSH. FileZilla simplified the process of uploading files to servers with its user-friendly graphical interface, becoming a staple for web developers. Despite improvements in Windows, many users continue to install these open-source applications out of habit due to their reliability and effectiveness.

Winsage

March 12, 2026

Windows 11 KB5079473 & KB5078883 cumulative updates released

Microsoft has released cumulative updates KB5079473 and KB5078883 for Windows 11 versions 25H2, 24H2, and 23H2 as part of the March 2026 Patch Tuesday. These updates address security vulnerabilities, fix bugs, and introduce new features. Users can install the updates via Start > Settings > Windows Update or manually from the Microsoft Update Catalog. The build numbers will change to 26200.8037 for 25H2, 26100.8037 for 24H2, and 22631.6783 for 23H2. Key enhancements include improved device targeting data for Secure Boot certificates, better reliability in File Explorer searches, and various new features such as a curated selection of emojis, a new backup and restore experience, automatic activation of Quick Machine Recovery, a built-in network speed test on the taskbar, and the ability to set WebP images as desktop backgrounds. Additionally, improvements have been made to the Windows Update settings page and the reliability of waking from sleep. No new issues have been reported with this month's updates.

Winsage

March 12, 2026

Microsoft’s year of fixing Windows 11 is off to a promising start, as latest update improves stability — but it still has a lot more work to do

Windows 11's March update includes several enhancements aimed at improving user experience, focusing on performance and reliability. Key features include: - File Explorer improvements allowing users to open new instances more reliably by holding the Shift key or using the middle mouse button. - Enhanced reliability in displaying network devices and improved search functionality across multiple drives. - An 'Extract all' command added for archived folders not in ZIP format. - Taskbar enhancements that prevent stacking of application instances, moving only overflow instances to a separate area for better organization. - Refined taskbar search functionality, allowing users to preview results by hovering and selecting 'Preview,' with group headers indicating the number of results. - Visual consistency improvements, particularly with the taskbar's auto-hide feature, print dialog box, and credential fields in the Windows Security panel. - Security enhancements for login and lock screens, the projection menu, and Nearby Sharing. - New features include updates to the emoji picker, a revamped widgets board, and an internet speed test feature in the taskbar, which received mixed reviews. - A new option in the Start menu's account menu directs users to a 'benefits' page, criticized as unnecessary promotion for Microsoft accounts.

Tech Optimizer

March 11, 2026

Attackers Use Malformed ZIP Archives to Evade Antivirus and EDR Tools

Cybersecurity researchers at the CERT Coordination Center (CERT/CC) have identified a new evasion technique, VU#976247, used by threat actors to exploit malformed ZIP archives and bypass Antivirus (AV) and Endpoint Detection and Response (EDR) systems. Attackers manipulate the internal headers of ZIP files, particularly altering the compression method field, which causes security tools to fail in analyzing the malicious payload. While some security products may flag the modified files as corrupted, they often do not detect the underlying malicious code. Standard extraction tools typically trust the tampered metadata and may return errors, leaving the hidden payload undisclosed. Attackers use custom malware loaders to extract and execute the malicious data, circumventing traditional AV detection. Cisco has been confirmed as affected, while other vendors, including AhnLab, Avast, Bitdefender, and Avira, have an “Unknown” status regarding their vulnerability. To mitigate this threat, organizations should enhance archive handling processes, avoid relying solely on declared metadata, adopt aggressive detection modes, flag metadata inconsistencies, and consult with AV and EDR providers about vulnerabilities.

Tech Optimizer

March 11, 2026

Malformed ZIP Files Allows Attackers to Bypass Antivirus and EDR Detections

A vulnerability identified as CVE-2026-0866 allows malicious actors to exploit malformed ZIP headers to bypass antivirus and Endpoint Detection and Response (EDR) systems. This flaw occurs because most security solutions rely on metadata within ZIP archives to scan and process files. When the compression method field is altered, security scanners may fail to decompress the archive correctly, resulting in a false negative and leaving the malicious payload undetected. Attackers can then use a custom loader to access the embedded malicious data, circumventing standard extraction tools. Cisco has been confirmed as affected by this vulnerability, while nearly 30 other security vendors have not disclosed their status. The cybersecurity community is urged to evolve scanning methodologies, including not relying solely on declared metadata and implementing aggressive detection modes. Organizations should verify their antivirus and EDR solutions for vulnerability to CVE-2026-0866 and monitor for custom loaders.

Winsage

March 6, 2026

Windows 11’s March 2026 update is packing 9 new upgrades you’ll actually notice

On March 10, 2026, Microsoft will release a Patch Tuesday update for Windows 11, introducing several new features and enhancements. Key updates include a network speed test feature accessible from the Taskbar, updated camera controls for pan and tilt settings, a new settings page for Widgets, support for WebP images as wallpapers, Quick Machine Recovery for Windows 11 Pro, refreshed dialogs in the Settings app, and changes in File Explorer allowing "Extract All" for non-ZIP archives. Additional updates include the introduction of Emoji version 16, a magnifier icon in Task Manager for the Windows Search process, and expanded RSAT support for ARM64 devices. Users are advised to be cautious during installation due to potential errors.

Winsage

March 6, 2026

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a social engineering campaign named ClickFix that exploits the Windows Terminal application to deploy Lumma Stealer malware. Detected in February 2026, this campaign instructs users to access Windows Terminal using the Windows + X → I shortcut, enhancing its perceived legitimacy. Attackers evade detection by manipulating users into executing harmful commands through deceptive prompts. The attack chain involves pasting a hex-encoded command into Windows Terminal, which opens additional Terminal and PowerShell instances, leading to a PowerShell process that decodes a script. This process downloads a ZIP payload containing a renamed 7-Zip binary, which extracts files and initiates a multi-stage attack, including retrieving payloads, establishing persistence, configuring Microsoft Defender exclusions, exfiltrating data, and deploying Lumma Stealer by injecting it into "chrome.exe" and "msedge.exe." Lumma Stealer targets browser artifacts to harvest credentials. A secondary attack pathway involves downloading a batch script that writes a Visual Basic Script to the Temp folder and connects to Crypto Blockchain RPC endpoints, also using QueueUserAPC() for code injection into browsers to extract data.

Winsage

March 1, 2026

Forget ‘debloat apps.’ Sophia Script gives you real control over Windows 11. Here’s how it works.

Windows 11 users often find system settings dispersed and many functionalities unconfigurable. The Sophia Script for Windows is an open-source PowerShell module designed to debloat and optimize Windows 10 and 11. It requires manual adjustments to select desired optimizations. To use the script, users must download it via PowerShell or from GitHub, extract files, and run the SophiaScriptWrapper.exe to import the Sophia.ps1 file. Users can customize functions and export a custom script before executing it. The script requires specific commands to run and may prompt users for selections during operation. Users can also run individual functions without modifying the entire script. The Sophia Script offers advanced control over privacy settings and system functions, appealing to power users who seek deeper customization beyond standard interfaces.

Winsage

March 1, 2026

Forget ‘debloat apps.’ Sophia Script gives you real control over Windows 11. Here’s how it works.

Windows 11 users often find system settings scattered, making configurations difficult to access. The Sophia Script for Windows is an open-source PowerShell module designed to debloat and optimize Windows 11 and 10. It requires manual modifications for customization and can be downloaded via PowerShell or from GitHub. Users must extract files, run the SophiaScriptWrapper.exe, and import the Sophia.ps1 file to customize and export their script. To execute the script, users must navigate to the script's directory in PowerShell, set execution policies, and run the customized script. Individual functions can also be executed by navigating to the script directory and using specific commands. The Sophia Script offers extensive control over system-level functions, allowing for deep customization of privacy settings and system behaviors, but may not be suitable for all users due to its complexity.