🔒 Security Alert

Cyber Threats Evolve with New Techniques and Tools

Malware authors adapt, threat intelligence improves, and Microsoft boosts security updates

Tuesday, March 10, 2026 • 3 min read • 5 source references


Cyber threats continue to evolve with new techniques and tools being developed by malware authors. A recent discovery by Bombadil Systems security researcher Chris Aziz has revealed a new method dubbed "Zombie ZIP" that helps conceal payloads in compressed files, avoiding detection from security solutions such as antivirus and endpoint detection and response (EDR) products.


What Happened

The "Zombie ZIP" technique manipulates ZIP headers to trick parsing engines into treating compressed data as uncompressed. This allows malware to slip past security tools, which trust the header and scan the file as if it were a copy of the original in a ZIP container. Aziz found that this technique works against 50 of the 51 AV engines on VirusTotal.

Why It Matters

The rise of new techniques like "Zombie ZIP" highlights the need for improved threat intelligence. ESET Telemetry has reported a 12% decrease in threat detections in India between January and August 2025, suggesting that awareness and early prevention efforts are beginning to take effect. However, ransomware activity continues to evolve rapidly, and threat actors like Sednit are resurfacing with sophisticated toolkits.

What Experts Say

"Threat landscape is changing but many things of the past are not solved yet like Phishing, Ransomware are still troubling organizations and threat actors' tactics are becoming more effective with use of AI," said Roman Kovac, Chief Research Officer at ESET.

Key Numbers

  • 12%: Decrease in threat detections in India between January and August 2025 (ESET Telemetry)
  • 2026: Year in which Microsoft will enable hotpatch security updates by default for all eligible Windows devices

Background

The "Zombie ZIP" technique is not the only new development in the cyber threat landscape. A malicious npm package posing as an OpenClaw installer has been caught deploying a remote access trojan (RAT) on victim machines. The package, published under the name "@openclaw-ai/openclawai", pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser data, cryptocurrency wallets, SSH keys, and Apple Keychain databases.

What Comes Next

Microsoft is taking steps to improve security updates with the enablement of hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API. This change is expected to halve the time to reach 90% patch compliance.

Key Facts

  • Who: Chris Aziz, Bombadil Systems security researcher
  • Impact: Bypasses security tools and allows malware to slip past detection

"AV engines trust the ZIP Method field. When Method=0 (STORED), they scan the data as raw uncompressed bytes. But the data is actually DEFLATE compressed - so the scanner sees compressed noise and finds no signatures," said Chris Aziz.
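The defensive check that follows from Aziz's description (What Happened and the quote above) is to stop trusting the Method field on its own: for any entry claiming STORED, verify that the raw bytes are consistent with the rest of the header before scanning them. The code below is an added example written for this page, not code from the article, Bombadil Systems, or any AV vendor; it assumes the inconsistency is visible as a mismatch between the local header, the central directory, the CRC32, or data that inflates as a raw DEFLATE stream, which may not match how the real samples are constructed.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
LOCAL_HDR = "<4sHHHHHIIIHH"  # 30-byte local file header, little-endian

def audit_zip(data: bytes) -> list[str]:
    """Cross-check every central-directory entry against its local header and
    raw bytes; return one finding per inconsistency (empty list = consistent)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            hdr = data[off:off + 30]
            if len(hdr) < 30 or hdr[:4] != LOCAL_SIG:
                findings.append(f"{info.filename}: bad local header signature")
                continue
            fields = struct.unpack(LOCAL_HDR, hdr)
            method, nlen, xlen = fields[3], fields[9], fields[10]
            if method != info.compress_type:
                findings.append(f"{info.filename}: local method {method} != central method {info.compress_type}")
            if zipfile.ZIP_STORED not in (method, info.compress_type):
                continue  # only STORED claims are checked against the raw bytes
            start = off + 30 + nlen + xlen          # sizes come from the central directory,
            raw = data[start:start + info.compress_size]  # local ones may be 0 (data descriptor)
            if info.compress_size != info.file_size:
                findings.append(f"{info.filename}: STORED entry but compressed and uncompressed sizes differ")
            if zlib.crc32(raw) != info.CRC:
                findings.append(f"{info.filename}: STORED data does not match its CRC32")
            try:  # heuristic: genuinely stored bytes almost never parse as a raw DEFLATE stream
                zlib.decompress(raw, wbits=-15)
                findings.append(f"{info.filename}: STORED data inflates as DEFLATE")
            except zlib.error:
                pass
    return findings

def make_clean_zip() -> bytes:
    """Constructed well-formed archive with one STORED and one DEFLATED entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"hello world, stored\n", zipfile.ZIP_STORED)
        zf.writestr("big.txt", b"A" * 200 + b"\n", zipfile.ZIP_DEFLATED)
    return buf.getvalue()

def make_mismatched_fixture() -> bytes:
    """Constructed regression fixture (assumed shape, not a real sample): the clean
    archive with big.txt's local-header Method field set to 0 while its bytes and
    central-directory record stay DEFLATE, so every check above should fire."""
    data = bytearray(make_clean_zip())
    with zipfile.ZipFile(io.BytesIO(bytes(data))) as zf:
        off = zf.getinfo("big.txt").header_offset
    data[off + 8:off + 10] = struct.pack("<H", zipfile.ZIP_STORED)  # Method field
    return bytes(data)
```

Treat any finding as a reason to scan the entry both as stored bytes and as inflated DEFLATE, or to quarantine the archive, rather than trusting either header alone.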

This article was synthesized by Fulqrum AI from 5 trusted sources, combining multiple perspectives into a comprehensive summary. The four source references with direct links are listed below; one further citation-only reference has no direct URL.

Sources

  • bleepingcomputer.com: New 'Zombie ZIP' technique lets malware slip past security tools
  • bleepingcomputer.com: Microsoft to enable Windows hotpatch security updates by default
  • csoonline.com: Threat intelligence by ESET is a game changer
  • csoonline.com: Devs looking for OpenClaw get served a GhostClaw RAT