Vulnerabilities & Patches

The Zombie ZIP Attack That's Fooling Security Tools (Plus Other Threats We Need to Watch)

I’ve been digging into some concerning developments this week that I think we all need to be aware of. The most interesting one? A new evasion technique called “Zombie ZIP” that’s making our security tools look foolish. But that’s just the beginning of what caught my attention.

When ZIP Files Come Back from the Dead

The Zombie ZIP technique is one of those “why didn’t I think of that” moments that makes you both impressed and terrified. Attackers are crafting specially malformed ZIP files that essentially trick our security scanners into missing malicious payloads entirely.

March Patch Tuesday Brings Relief While Android Malware Gets Creative

It’s not often I get to write about a Patch Tuesday that doesn’t make me want to reach for the emergency coffee, but here we are. March 2026 delivered what security experts are calling a relatively calm month for patching – though “calm” is doing some heavy lifting when we’re talking about 83 Microsoft CVEs and 80 Adobe vulnerabilities.

Microsoft’s March Updates: Heavy on Volume, Light on Panic

Microsoft rolled out patches for what different sources are reporting as either 83 or 93 vulnerabilities (the discrepancy likely comes from how you count the Chromium fixes for Edge). Either way, it’s a substantial number, but the good news is that only 8 are rated critical, and crucially – none of these vulnerabilities are being actively exploited in the wild.

When Physical War Meets Digital Defense: March's Security Wake-Up Calls

You know that uncomfortable feeling when theoretical risks suddenly become very real? That’s exactly what happened this week as we watched the Middle East conflict expose some serious blind spots in our cloud security thinking, while simultaneously dealing with Microsoft’s latest patch bonanza and a sneaky new EDR-killing malware campaign.

Let me walk you through what’s keeping me up at night – and what should probably be on your radar too.

Microsoft Takes Aim at Meeting Bots While AI Security Gets a Reality Check

We’ve had quite the week in security news, and I wanted to share some thoughts on a few developments that caught my attention. There’s a common thread running through these stories that I think says a lot about where we’re heading as an industry.

Teams Finally Tackles the Bot Problem

Microsoft announced they’re rolling out automatic tagging for third-party bots trying to join Teams meetings. If you’ve ever had one of those awkward moments where some random bot crashes your standup, you know exactly why this matters.

Supply Chain Attacks Hit Telecom Giant While Attackers Get Creative with DNS Infrastructure

Last week brought us a perfect storm of cybersecurity incidents that really highlight how attackers are diversifying their tactics. From supply chain compromises hitting major telecom companies to threat actors abusing fundamental internet infrastructure, we’re seeing some concerning trends that deserve our attention.

Ericsson Falls Victim to the Third-Party Problem

The biggest news came from Ericsson US, which disclosed a data breach after attackers compromised one of their service providers. What makes this particularly interesting is that it wasn’t Ericsson’s own defenses that failed – it was their supplier’s.

Russian Hackers Target Secure Messaging Apps While Attackers Get Creative with Social Engineering

Coffee in hand, I’ve been digging through this week’s security headlines, and there’s a concerning pattern emerging. We’re seeing threat actors get increasingly sophisticated with their social engineering tactics, while state-sponsored groups continue their relentless pursuit of high-value communications. Let me walk you through what caught my attention.

Signal and WhatsApp Under Fire from Russian APTs

The Dutch government issued a warning about Russian state-sponsored hackers running phishing campaigns specifically targeting Signal and WhatsApp accounts. This isn’t your typical credential harvesting operation – they’re going after government officials, military personnel, and journalists who rely on these encrypted messaging platforms for sensitive communications.

Attackers Are Getting Faster, Sneakier, and More Creative Than Ever

I’ve been digging through this week’s security news, and honestly, it’s making me rethink some of our fundamental assumptions about how attacks happen. We’re seeing a perfect storm of evolving tactics that should have every security team paying attention.

The Race Against Time Just Got Faster

Let’s start with what might be the most concerning trend: Google’s latest research shows that cloud attackers are now exploiting newly disclosed vulnerabilities within days, not weeks. Think about what this means for your patch management strategy. That comfortable two-week window you might have had to test and deploy patches? It’s basically gone.

iOS Exploits Hit Crypto Wallets While APT Groups Weaponize Cloud Services

I’ve been tracking some concerning developments this week that show how threat actors are getting more creative with their attack methods. We’re seeing everything from sophisticated iOS exploit kits targeting cryptocurrency wallets to nation-state groups using Google Drive as their command and control infrastructure.

The Coruna iOS Exploit Kit Changes the Game

The biggest story catching my attention is the discovery of something called Coruna – a collection of 23 iOS exploits that’s being used by multiple threat actors. What makes this particularly interesting is how it’s evolved from traditional espionage campaigns into financially motivated attacks targeting cryptocurrency wallets.

When Security Tools Break Before Attacks Do: Why Operations Visibility Matters More Than Ever

I’ve been thinking about something that happened to a colleague last month. Their team spent weeks fine-tuning detection rules in their SIEM, only to discover during a tabletop exercise that a routine infrastructure update had quietly broken their entire alert pipeline three days earlier. No alarms, no notifications – just silence where there should have been security signals.

From Deepfake Fraud to Data Sovereignty: Why This Week's Security News Points to Bigger Shifts Ahead

I’ve been watching some interesting developments unfold this week that really highlight how our security challenges are becoming more complex and interconnected. While we’re still dealing with the usual suspects like APT groups and critical patches, there are some emerging trends that I think deserve our attention.

The Push for Local AI Security Processing

One story that caught my eye is Cylake’s new AI-native security platform that processes everything locally instead of relying on cloud services. This isn’t just another vendor announcement – it’s actually addressing a real concern many of us have been grappling with around data sovereignty.