Security researchers have identified a new cyber threat, linked to Russia's advanced persistent threat group APT29, that targets European diplomats. The group is deploying malware called GRAPELOADER, disguised as wine-tasting invitations, to infiltrate European Ministries of Foreign Affairs. This malware acts as a stealthy first-stage loader that subsequently launches WINELOADER for deeper system access. Separately, Gmail users are being warned about a phishing scam in which attackers send convincing emails that appear to come from "no-reply@google.com," exploiting a vulnerability that Google is now addressing. The phishing campaign has raised concerns because it is able to bypass Google's strict security checks. Additionally, hackers have been abusing a Russian bulletproof hosting service named Proton66 for global malware distribution. Other notable cybersecurity incidents include a $5 million exploit of the zkSync Web3 platform through manipulation of its airdrop claiming mechanism, in which attackers bypassed Sybil protections by splitting claims across thousands of wallets. Google has announced a fix for a bug that allowed scammers to send deceptive subpoena-related emails to developers. These developments highlight ongoing sophisticated cyber threats targeting government entities, major tech platforms, and blockchain networks.
Weekly Web3 Security Recap - zkSync exploited for $5M: A hacker manipulated a vulnerability in @zksync’s airdrop claiming mechanism to siphon $5 million worth of $ZK. The attacker split claims across thousands of wallets using the same X account, circumventing Sybil protections. https://t.co/lBcr5pu1nH
To trap European diplomats, Russian hackers invite them "to drink an excellent glass of wine" https://t.co/eKmtdeHUjA
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More: https://t.co/7WPpKtGXrD by The Hacker News #infosec #cybersecurity #technology #news