New 'Zombie ZIP' technique lets malware slip past security tools

A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) ...
Security Boulevard

Zombie ZIP method can fool antivirus during the first scan

Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection.
Bleeping Computer

An encrypted ZIP file can have two correct passwords — here's why

Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malicious files (i.e. phishing "invoices" in emails). But, ...
Cybernews

Researcher discovers severe antivirus blind spot: corrupted ZIP files evade nearly all scanners

Hackers can change a single byte to insert malware undetected, posing as an apparently corrupted ZIP file dubbed Zombie Zip.
Ars Technica

Zip Security - is it easy to crack the PW of a zip file?

Zip encryption is vulnerable to known-plaintext attacks. Implementation quality also is an issue; WinZip's is particularly bad. No source, I'm afraid.