• My Feed
  • Home
  • What's Important
  • Media & Entertainment
Search

Stay Curious. Stay Wanture.

© 2026 Wanture. All rights reserved.

  • Terms of Use
  • Privacy Policy
Tech/Security

Zombie ZIP (CVE-2026-0866) Evades 60 of 63 AV Products

13 March 2026

—

News

Priya Desai

Researchers disclosed CVE-2026-0866, revealing a ZIP file exploit that bypasses 60 of 63 tested Windows antivirus products. The flaw lets a ZIP file claim it stores uncompressed data while actually delivering a DEFLATE-compressed payload, allowing malware to dodge detection and reach user systems.

How the exploit works

Why it matters. The technique shows how tweaking metadata can defeat traditional signature-based scanning. Antivirus engines read the compression field in the ZIP header, see "stored" (no compression), and skip deep inspection. Windows Explorer ignores that flag, extracts the real DEFLATE-compressed payload, and writes malicious code to disk.

The numbers reveal a systemic blind spot. Testing showed that 95% of antivirus products failed to detect the threat—60 of 63 tested products found nothing dangerous in the sample file. Most vendors listed their detection status as "unknown," indicating widespread inability to scan this malformed archive type.

Inconsistent extraction tools

Extraction tools respond inconsistently. 7-Zip and WinRAR reject the file as corrupt and refuse extraction. Windows Explorer and several custom tools proceed anyway, following the embedded payload stream rather than the header declaration. This split creates an opening attackers can exploit.

What you can do now

Security researchers recommend these interim defenses until vendors ship updated detection signatures:

  • Treat unexpected ZIP files as suspect, especially if your scanner reports them clean.
  • Scan every archive with at least two different engines before extraction.
  • Extract only with Windows Explorer or tools that validate CRC checksums.
  • Enable sandboxing for any file showing integrity warnings.
  • Contact your AV or EDR vendor to confirm CVE-2026-0866 support.
  • Deploy email-gateway filters that reject archives with compression-field mismatches.

The path forward

The fix depends on vendor response. Antivirus companies must update parsers to verify that declared compression methods match actual stream encoding. Behavioral analysis and file-integrity checks offer temporary protection, but comprehensive detection requires engine-level changes across the security ecosystem.

banner

What is this about?

  • ZIP archive evasion/
  • Windows AV bypass

Feed

    Rust CLI lets AI agents trade with a single command

    Rust CLI lets AI agents trade with a single command

    Rust CLI that signs, throttles, and offers a sandbox for AI bots on Kraken

    about 3 hours ago

    Apple orders 20 million Samsung displays for iPhone Ultra

    Apple placed an order for 20 million flexible displays from Samsung on March 12, 2026, marking the company's first foldable iPhone, the iPhone Ultra. Samsung became the sole supplier after BOE failed quality checks, with production slated for May and the first units expected in Q4 2026. Analysts say the deal could boost the global foldable market by up to 30 percent year‑over‑year.

    Apple orders 20 million Samsung displays for iPhone Ultra
    about 8 hours ago

    Parallels Desktop 19.2 runs Windows 11 ARM on MacBook Neo

    Parallels Desktop 19.2 shows Windows 11 ARM can run in a VM on the new MacBook Neo with Apple’s A18 Pro chip. VT‑EX support enables shared‑memory operation, allowing enterprises to consolidate macOS and Windows workloads on a single low‑cost laptop. The base 8 GB model caps Windows RAM at about 4 GB, limiting multitasking.

    about 10 hours ago

    Apple’s 50‑Year Journey: From Garage to Global Action

    Tim Cook’s anniversary letter marks Apple’s 50‑year milestone by celebrating the users who turned a garage prototype into habits. From the Apple I’s bare board to the iPhone, iPod, Macintosh and Apple Watch, the story shows how simple actions—recording a newborn, tracking a run, building an app—have shaped the company’s legacy and point to a user‑focused future.

    about 12 hours ago

    JBL rolls out EasySing AI Mic with PartyBox 2 Plus

    JBL unveiled the EasySing AI karaoke microphone, bundled with the PartyBox 2 Plus, on April 5, 2026. The mic’s on‑device neural‑network strips vocals at three levels and adds real‑time pitch correction, while Voice Boost cuts background noise. With ten‑hour battery life and USB‑C pairing, it aims at the expanding U.S. karaoke market driven by AI‑enhanced, portable audio.

    JBL rolls out EasySing AI Mic with PartyBox 2 Plus
    1 day ago

    Why Does Muscle Mass Beat the Scale After 40?

    Hidden muscle loss slows metabolism; strength tests can protect health after 40

    1 day ago

    Evening Sugar Cravings: Why They’re Metabolic, Not Willpower

    Low glucose and dopamine spikes spark sweet cravings; protein curbs them

    1 day ago

    Apple’s upcoming foldable adds two‑app split-screen

    Apple’s upcoming foldable iPhone, slated for the 2026‑2027 roadmap, will run a custom OS and support a two‑app side‑by‑side view. The internal screen expands to roughly 7.6‑7.8 inches while the outer cover remains a familiar 5.4 inches, offering a pocket‑sized device that lets professionals check notes or reply to messages without switching apps. Developer tools will determine how quickly the split‑screen workflow gains traction.

    Apple’s upcoming foldable adds two‑app split-screen
    1 day ago
    7 Steps to Supercharge Windows with PowerToys v0.97.2

    7 Steps to Supercharge Windows with PowerToys v0.97.2

    Install, configure, and use PowerToys v0.97.2 to speed up Windows tasks

    1 day ago

    Apple Music Streams Full Songs Inside TikTok

    Apple Music became the exclusive provider of full‑track streaming inside TikTok on March 11, 2026. Users tap a button to play entire songs via an embedded mini‑player without leaving the app. Non‑subscribers receive a three‑month free trial, streams count toward artist royalties, and new Listening Party rooms enable real‑time co‑listening with live chat.

    1 day ago

    Xbox Full Screen Experience hits Windows 11 in April 2026

    Microsoft announced that the Xbox Full Screen Experience will be available on Windows 11 PCs starting in April 2026. The mode disables File Explorer and background services, freeing roughly 2 GB of RAM and lowering CPU load. Gamers can activate it by pressing Win+F11 or via the Game Bar, and it works with Steam, Epic, Microsoft Store, and DirectX 12 titles.

    Xbox Full Screen Experience hits Windows 11 in April 2026
    1 day ago

    Perplexity’s Personal Computer AI Agent Arrives for macOS 13

    Perplexity’s Personal Computer launches as a cloud‑hosted AI agent for macOS 13 Mac mini, acting as a desktop proxy that requires user approval for each task and includes an instant‑off button. The subscription service bundles cloud models, while open‑source OpenClaw v2026.3.11 offers a free alternative but has security flaws. Users weigh convenience versus cost and privacy.

    Perplexity’s Personal Computer AI Agent Arrives for macOS 13
    1 day ago

    Nvidia, Nebius unveil AI factories using H100 and H200 GPUs

    Nvidia and Nebius announced on March 11 a partnership to launch on‑demand AI factories built from H100 and H200 GPUs. The service bundles Nvidia AI Enterprise, NeMo and Triton, letting developers train and run large language models without buying hardware. Nebius shares jumped over 13% after the news, buoyed by its 2025 Microsoft contract.

    Nvidia, Nebius unveil AI factories using H100 and H200 GPUs
    2 days ago

    Windows 11 KB5079473 update released on March 11, 2026

    Microsoft’s March 11, 2026 Windows 11 KB5079473 update fixes sign‑in freezes, cuts wake‑from‑sleep latency on SSD laptops, and stops Nearby Sharing crashes during large file transfers. It adds an Extract‑All button for RAR/7z archives, fresh emojis, an internet‑speed taskbar widget, and native .webp wallpaper support. Install via Settings > Windows Update or a standalone download.

    Windows 11 KB5079473 update released on March 11, 2026
    2 days ago

    Klotho Clock Assays Target Biological Age in Neuro Trials

    Klotho Neurosciences rolled out two genomics assays on March 10, 2026, dubbed the Klotho Clock. The tests read cell‑free DNA methylation at the KLOTHO promoter and profile nine longevity‑linked genes, letting researchers match trial participants by biological age. Aligning groups this way may boost power in ALS and Alzheimer’s studies and cut costly trial failures.

    2 days ago

    Moskvich Halts 5‑Sedan Production After Failed Benchmarks

    On March 8, 2026, Moskvich announced the end of 5‑sedan production after fewer than 500 units left the line, citing missed consumer‑property benchmarks for ride comfort and interior durability. Remaining cars will be sold at discounts of up to 30%. The company is now shifting resources to the 3 SUV, aiming for 50,000 units to avoid the shortfalls that halted the 5.

    Moskvich Halts 5‑Sedan Production After Failed Benchmarks
    2 days ago

    Meta acquires Moltbook to boost AI‑agent platform

    Meta announced on March 10, 2026 that it has acquired Moltbook, the Reddit‑style AI‑agent platform that amassed 1.5 million agents after its late‑January launch. The purchase follows a February security breach that exposed API keys, prompting Meta to bring the team into its Superintelligence Labs and promise secure, hosted tools for managing multi‑agent ecosystems.

    Meta acquires Moltbook to boost AI‑agent platform
    2 days ago

    Adobe Photoshop AI assistant launches for all on April 1

    On April 1, Adobe opened its Photoshop AI assistant to all web and mobile users, ending the invite‑only beta. The generative fill feature lets creators type prompts or draw arrows to remove, replace, or adjust objects, with support for iOS 15+ and Android 12+. Paid subscribers keep unlimited generations; free accounts are capped at 20 edits until April 9.

    Adobe Photoshop AI assistant launches for all on April 1
    3 days ago
    MacBook Neo Base Review: Silent, Light, and Upgrade‑Limited

    MacBook Neo Base Review: Silent, Light, and Upgrade‑Limited

    Campus test of the MacBook Neo shows all‑day battery life and silence, but limited RAM and a USB‑2 port

    3 days ago
    Loading...
banner
Tech/Security

Zombie ZIP (CVE-2026-0866) Evades 60 of 63 AV Products

13 March 2026

—

News

Priya Desai

Researchers disclosed CVE-2026-0866, revealing a ZIP file exploit that bypasses 60 of 63 tested Windows antivirus products. The flaw lets a ZIP file claim it stores uncompressed data while actually delivering a DEFLATE-compressed payload, allowing malware to dodge detection and reach user systems.

How the exploit works

Why it matters. The technique shows how tweaking metadata can defeat traditional signature-based scanning. Antivirus engines read the compression field in the ZIP header, see "stored" (no compression), and skip deep inspection. Windows Explorer ignores that flag, extracts the real DEFLATE-compressed payload, and writes malicious code to disk.

The numbers reveal a systemic blind spot. Testing showed that 95% of antivirus products failed to detect the threat—60 of 63 tested products found nothing dangerous in the sample file. Most vendors listed their detection status as "unknown," indicating widespread inability to scan this malformed archive type.

Inconsistent extraction tools

Extraction tools respond inconsistently. 7-Zip and WinRAR reject the file as corrupt and refuse extraction. Windows Explorer and several custom tools proceed anyway, following the embedded payload stream rather than the header declaration. This split creates an opening attackers can exploit.

What you can do now

Security researchers recommend these interim defenses until vendors ship updated detection signatures:

  • Treat unexpected ZIP files as suspect, especially if your scanner reports them clean.
  • Scan every archive with at least two different engines before extraction.
  • Extract only with Windows Explorer or tools that validate CRC checksums.
  • Enable sandboxing for any file showing integrity warnings.
  • Contact your AV or EDR vendor to confirm CVE-2026-0866 support.
  • Deploy email-gateway filters that reject archives with compression-field mismatches.

The path forward

The fix depends on vendor response. Antivirus companies must update parsers to verify that declared compression methods match actual stream encoding. Behavioral analysis and file-integrity checks offer temporary protection, but comprehensive detection requires engine-level changes across the security ecosystem.

What is this about?

  • ZIP archive evasion/
  • Windows AV bypass

Feed

    Rust CLI lets AI agents trade with a single command

    Rust CLI lets AI agents trade with a single command

    Rust CLI that signs, throttles, and offers a sandbox for AI bots on Kraken

    about 3 hours ago

    Apple orders 20 million Samsung displays for iPhone Ultra

    Apple placed an order for 20 million flexible displays from Samsung on March 12, 2026, marking the company's first foldable iPhone, the iPhone Ultra. Samsung became the sole supplier after BOE failed quality checks, with production slated for May and the first units expected in Q4 2026. Analysts say the deal could boost the global foldable market by up to 30 percent year‑over‑year.

    Apple orders 20 million Samsung displays for iPhone Ultra
    about 8 hours ago

    Parallels Desktop 19.2 runs Windows 11 ARM on MacBook Neo

    Parallels Desktop 19.2 shows Windows 11 ARM can run in a VM on the new MacBook Neo with Apple’s A18 Pro chip. VT‑EX support enables shared‑memory operation, allowing enterprises to consolidate macOS and Windows workloads on a single low‑cost laptop. The base 8 GB model caps Windows RAM at about 4 GB, limiting multitasking.

    about 10 hours ago

    Apple’s 50‑Year Journey: From Garage to Global Action

    Tim Cook’s anniversary letter marks Apple’s 50‑year milestone by celebrating the users who turned a garage prototype into habits. From the Apple I’s bare board to the iPhone, iPod, Macintosh and Apple Watch, the story shows how simple actions—recording a newborn, tracking a run, building an app—have shaped the company’s legacy and point to a user‑focused future.

    about 12 hours ago

    JBL rolls out EasySing AI Mic with PartyBox 2 Plus

    JBL unveiled the EasySing AI karaoke microphone, bundled with the PartyBox 2 Plus, on April 5, 2026. The mic’s on‑device neural‑network strips vocals at three levels and adds real‑time pitch correction, while Voice Boost cuts background noise. With ten‑hour battery life and USB‑C pairing, it aims at the expanding U.S. karaoke market driven by AI‑enhanced, portable audio.

    JBL rolls out EasySing AI Mic with PartyBox 2 Plus
    1 day ago

    Why Does Muscle Mass Beat the Scale After 40?

    Hidden muscle loss slows metabolism; strength tests can protect health after 40

    1 day ago

    Evening Sugar Cravings: Why They’re Metabolic, Not Willpower

    Low glucose and dopamine spikes spark sweet cravings; protein curbs them

    1 day ago

    Apple’s upcoming foldable adds two‑app split-screen

    Apple’s upcoming foldable iPhone, slated for the 2026‑2027 roadmap, will run a custom OS and support a two‑app side‑by‑side view. The internal screen expands to roughly 7.6‑7.8 inches while the outer cover remains a familiar 5.4 inches, offering a pocket‑sized device that lets professionals check notes or reply to messages without switching apps. Developer tools will determine how quickly the split‑screen workflow gains traction.

    Apple’s upcoming foldable adds two‑app split-screen
    1 day ago
    7 Steps to Supercharge Windows with PowerToys v0.97.2

    7 Steps to Supercharge Windows with PowerToys v0.97.2

    Install, configure, and use PowerToys v0.97.2 to speed up Windows tasks

    1 day ago

    Apple Music Streams Full Songs Inside TikTok

    Apple Music became the exclusive provider of full‑track streaming inside TikTok on March 11, 2026. Users tap a button to play entire songs via an embedded mini‑player without leaving the app. Non‑subscribers receive a three‑month free trial, streams count toward artist royalties, and new Listening Party rooms enable real‑time co‑listening with live chat.

    1 day ago

    Xbox Full Screen Experience hits Windows 11 in April 2026

    Microsoft announced that the Xbox Full Screen Experience will be available on Windows 11 PCs starting in April 2026. The mode disables File Explorer and background services, freeing roughly 2 GB of RAM and lowering CPU load. Gamers can activate it by pressing Win+F11 or via the Game Bar, and it works with Steam, Epic, Microsoft Store, and DirectX 12 titles.

    Xbox Full Screen Experience hits Windows 11 in April 2026
    1 day ago

    Perplexity’s Personal Computer AI Agent Arrives for macOS 13

    Perplexity’s Personal Computer launches as a cloud‑hosted AI agent for macOS 13 Mac mini, acting as a desktop proxy that requires user approval for each task and includes an instant‑off button. The subscription service bundles cloud models, while open‑source OpenClaw v2026.3.11 offers a free alternative but has security flaws. Users weigh convenience versus cost and privacy.

    Perplexity’s Personal Computer AI Agent Arrives for macOS 13
    1 day ago

    Nvidia, Nebius unveil AI factories using H100 and H200 GPUs

    Nvidia and Nebius announced on March 11 a partnership to launch on‑demand AI factories built from H100 and H200 GPUs. The service bundles Nvidia AI Enterprise, NeMo and Triton, letting developers train and run large language models without buying hardware. Nebius shares jumped over 13% after the news, buoyed by its 2025 Microsoft contract.

    Nvidia, Nebius unveil AI factories using H100 and H200 GPUs
    2 days ago

    Windows 11 KB5079473 update released on March 11, 2026

    Microsoft’s March 11, 2026 Windows 11 KB5079473 update fixes sign‑in freezes, cuts wake‑from‑sleep latency on SSD laptops, and stops Nearby Sharing crashes during large file transfers. It adds an Extract‑All button for RAR/7z archives, fresh emojis, an internet‑speed taskbar widget, and native .webp wallpaper support. Install via Settings > Windows Update or a standalone download.

    Windows 11 KB5079473 update released on March 11, 2026
    2 days ago

    Klotho Clock Assays Target Biological Age in Neuro Trials

    Klotho Neurosciences rolled out two genomics assays on March 10, 2026, dubbed the Klotho Clock. The tests read cell‑free DNA methylation at the KLOTHO promoter and profile nine longevity‑linked genes, letting researchers match trial participants by biological age. Aligning groups this way may boost power in ALS and Alzheimer’s studies and cut costly trial failures.

    2 days ago

    Moskvich Halts 5‑Sedan Production After Failed Benchmarks

    On March 8, 2026, Moskvich announced the end of 5‑sedan production after fewer than 500 units left the line, citing missed consumer‑property benchmarks for ride comfort and interior durability. Remaining cars will be sold at discounts of up to 30%. The company is now shifting resources to the 3 SUV, aiming for 50,000 units to avoid the shortfalls that halted the 5.

    Moskvich Halts 5‑Sedan Production After Failed Benchmarks
    2 days ago

    Meta acquires Moltbook to boost AI‑agent platform

    Meta announced on March 10, 2026 that it has acquired Moltbook, the Reddit‑style AI‑agent platform that amassed 1.5 million agents after its late‑January launch. The purchase follows a February security breach that exposed API keys, prompting Meta to bring the team into its Superintelligence Labs and promise secure, hosted tools for managing multi‑agent ecosystems.

    Meta acquires Moltbook to boost AI‑agent platform
    2 days ago

    Adobe Photoshop AI assistant launches for all on April 1

    On April 1, Adobe opened its Photoshop AI assistant to all web and mobile users, ending the invite‑only beta. The generative fill feature lets creators type prompts or draw arrows to remove, replace, or adjust objects, with support for iOS 15+ and Android 12+. Paid subscribers keep unlimited generations; free accounts are capped at 20 edits until April 9.

    Adobe Photoshop AI assistant launches for all on April 1
    3 days ago
    MacBook Neo Base Review: Silent, Light, and Upgrade‑Limited

    MacBook Neo Base Review: Silent, Light, and Upgrade‑Limited

    Campus test of the MacBook Neo shows all‑day battery life and silence, but limited RAM and a USB‑2 port

    3 days ago
    Loading...