This week's THREATSDAY Bulletin highlights a string of practical attack techniques, including OAuth consent abuse: Wiz warned that a large-scale campaign in early 2025 used 19 distinct malicious OAuth applications impersonating brands such as Adobe, DocuSign and OneDrive to gain access to victims' data.
The bulletin also flags a new wave of Signal phishing and messaging account takeovers, alongside a cloud breach via third-party software and a microcontroller debug bypass, illustrating that old tricks are being polished for real incidents. One standout technical detail is the Zombie ZIP technique (CVE-2026-0866), which can cause false negatives in antivirus and EDR products by crafting malformed ZIP headers.
On the endpoint and platform side, the BlackSanta EDR killer demonstrates how attackers aim to neutralise endpoint protections, while the McKinsey AI platform breach reportedly involved two hours of access to a production database containing 46.5 million chat messages and 728,000 files, underscoring the risks of agentic AI tools.
According to the CERT Coordination Center (CERT/CC), Zombie ZIP was demonstrated by Bombadil Systems, and the broader piece notes numerous other threats, ranging from phishing-resistant sign-in to signed malware and database-driven exfiltration.