Bleeping Computer

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. Earlier ...
Dark Reading

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names — .zip and .mov — have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss ...
Ars Technica

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open ...
ExtremeTech

ZIP, RAR Have Surpassed Office Files as Most-Used Malware Containers

We all, hopefully, learned long ago not to open suspicious Microsoft Office files, which have long been one of the most common vectors for malware infection. According to a new report, there's a new ...
Ars Technica

Why does Windows store ZIP passwords?

While Windows doesn't give you the ability to create encrypted ZIP files, software like 7Zip does. If you choose the standard ZIP encryption (weak encryption) when making the ZIP file, then Windows ...