Fake Claude Code Installs, Arpa Phishing, Iranian and Russian Teams Mount Cyber Retaliation

In this episode of Cybersecurity Today, CEO David Shipley covers four major security stories. First, the “InstallFix” campaign uses Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy credential-stealing malware.

Second, a phishing technique abuses the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices.

Third, the “Zombie ZIP” technique manipulates ZIP headers to bypass AV/EDR scanning; it is tied to CVE-2026-0866 and was demonstrated to evade most VirusTotal engines.

Finally, a surge in pro-Iranian and pro-Russian hacktivist retaliation targets Israel and regional entities with DDoS, defacements, breach claims, and disinformation, alongside Israel’s humorous counter-psychological video response.
