3 links tagged with all of: phishing + cybersecurity + espionage
Links
An Iranian activist exposed a phishing campaign targeting high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials. The hackers used a fake website to capture sensitive information and potentially conduct surveillance on victims. The campaign's timing suggests possible ties to government-backed espionage efforts.
Threat actors are using phishing emails with weaponized attachments to deploy malware aimed at the defense sector in Russia and Belarus. The malware establishes a backdoor via OpenSSH and a customized Tor service, facilitating remote access while avoiding detection. Environmental checks ensure it only activates on genuine user systems.
Google Threat Intelligence Group reported a novel phishing campaign attributed to a suspected Russian espionage actor, UNC5837, targeting European government and military organizations. Attackers used signed .rdp files to establish Remote Desktop Protocol connections, enabling them to access victim systems and potentially exfiltrate sensitive information, highlighting the risks associated with lesser-known RDP functionalities.