The server-client communication in certain versions of WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users. WinZip is currently at version 25 but earlier releases check the server for updates over an unencrypted connection, a weakness that could be exploited by a malicious actor. Users are advised to upgrade to the latest version of the tool and disable update checks. The tool now has versions for macOS, Android, iOS, and iOS, as well as an enterprise edition that adds collaboration features.
Source: https://www.bleepingcomputer.com/news/security/hackers-can-use-winzip-insecure-server-connection-to-drop-malware/