Accuracy is important in security stories.
>"If opened the archive goes to work".
No it doesn't. If "opened", the archive has a file in it. If the file is extracted *and* run, _then_ it goes to work.
If someone had developed a corrupt zip file that could auto-run code merely by being "opened", that would be important news, but how would you report it when you've been inaccurately telling people that that's what already happens for years?