Cybersecurity experts warn that malicious PDFs are increasingly being used as delivery mechanisms for phishing attacks, particularly targeting Gmail users. These PDFs can masquerade as legitimate documents but contain links or scripts designed to steal user credentials and sensitive information. Awareness and caution are crucial for users to avoid falling victim to these deceptive tactics.

Russian hackers have successfully bypassed Gmail's multi-factor authentication by employing sophisticated social engineering tactics to obtain app-specific passwords from targeted academics and critics of Russia. The attackers impersonated U.S. Department of State officials, convincing victims to share their passwords under the pretense of accessing a secure communication platform. Security researchers have linked these activities to the state-sponsored group APT29, known for attacking high-profile targets since 2008.