A sophisticated phishing campaign exploiting a vulnerability in Google's infrastructure has been exposed by ENS developer Nick Johnson. The attack uses fake Google security alerts, including fake subpoena notices, that pass DKIM signature checks and therefore appear legitimate in Gmail. The scam abuses Google OAuth and script-friendly Google subdomains to deliver the signed emails and to direct recipients to counterfeit Google-styled portals built to harvest passwords and personal data. Google initially denied the issue but has since acknowledged it and pledged to implement a fix. Separately, multiple groups are actively exploiting a critical NTLM vulnerability in Microsoft Windows (CVE-2025-24054) that allows credential theft through file downloads without user interaction; the flaw leaks NTLMv2 hashes over SMB, enabling pass-the-hash attacks. The China-linked advanced persistent threat (APT) group Mustang Panda has upgraded its toolkit with new stealth tools such as TONESHELL v3, StarProxy, and the keyloggers PAKLOG and CorKLOG, using them to target Myanmar, bypass endpoint detection and response (EDR) systems, and evade detection with FakeTLS techniques. Additionally, multi-stage malware attacks deploying Agent Tesla, Remcos RAT, and XLoader have been reported, relying on simple tricks rather than complex code to slip past security defenses. The Tycoon phishing-as-a-service kit has also evolved, employing techniques that improve stealth and enable attacks on mobile environments. These developments underscore the increasing sophistication of cyber threats targeting major technology platforms and government entities.
The Tycoon 2FA phishing-as-a-service (PaaS) kit is using a trio of techniques that improves stealth, letting attackers expand to mobile environments, according to @Trustwave research. #cybersecurity #infosec #ITsecurity https://t.co/rXsDHPF6qd
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader: https://t.co/oxZl5wXTAi by The Hacker News #infosec #cybersecurity #technology #news
👀 Attackers are now using multi-stage payloads that slip past detection—via simple tricks, not complex code. One phishing email = 3 malware strains: • Agent Tesla • Remcos RAT • XLoader 🔐 Plus: a new MysterySnail variant is targeting Mongolia & Russia—40+ commands, remote https://t.co/NAuLAeyz31