The cybercrime group known as 'Hazy Hawk' has been exploiting DNS misconfigurations to hijack abandoned cloud assets and trusted domains, including those belonging to the CDC and PwC, to deliver malware. This activity has been ongoing since 2023. Separately, China-linked hackers identified as UNC5221 have exploited zero-day vulnerabilities in Ivanti EPMM (CVE-2025-4427 and CVE-2025-4428) shortly after their disclosure, targeting mobile endpoints in the defense, healthcare, and finance sectors. Additionally, a critical vulnerability in the delegated Managed Service Account (dMSA) feature of Windows Server 2025 has been reported, enabling Active Directory compromise. Another Chinese-speaking threat actor, UAT-6382, has exploited a now-patched zero-day flaw in Trimble Cityworks, a GIS-based asset and work order management software used by U.S. local governments. The intrusions deployed Cobalt Strike and VShell malware via a Rust-based loader named TetraLoader, giving the actor persistent access to multiple local government networks in the United States.
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks: https://t.co/JjP9eB5lFT by The Hacker News #infosec #cybersecurity #technology #news
⚠️ A Chinese-speaking threat actor quietly breached U.S. local gov systems via a critical flaw in Cityworks. They didn’t just break in—they stayed—deploying Cobalt Strike & VShell via Rust-based TetraLoader. Full report → https://t.co/XI7Ism2pKJ
Chinese-speaking hackers dubbed 🇨🇳 UAT-6382 have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the US. Trimble Cityworks is a GIS-based asset management and work order management software primarily used by local governments. https://t.co/SZglAdJPia