Cybercriminals are targeting YouTube creators by sending fake business proposals that contain Windows malware, according to a report from cybersecurity firm CloudSek. The attackers impersonate legitimate brands to deceive channel administrators and marketing staff into opening malicious email attachments. This tactic aims to steal sensitive data from YouTubers, who are increasingly lucrative targets due to their substantial earnings. In addition to this threat, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including a severe flaw in Apache Struts (CVE-2024-53677) with a CVSS score of 9.5, which is actively being exploited. Another critical vulnerability in BeyondTrust's products (CVE-2024-12356) has a CVSS score of 9.8, further highlighting the urgent security risks in the current digital landscape.