A new malvertising campaign is targeting businesses by hijacking Google Ads accounts to run fraudulent ads. Attackers are using deceptive ads that lead to fake login pages, where they steal two-factor authentication (2FA) codes and credentials. This ongoing campaign has been described as a significant threat to advertisers, as it allows cybercriminals to exploit compromised accounts for malicious purposes. Reports indicate that the situation is evolving, with new phishing techniques, including the 'Sneaky 2FA' kit, which aims to bypass 2FA protections on Microsoft 365 accounts. The campaign is part of a broader trend of increasing cyber threats, with various vulnerabilities being exploited, including CVE-2024-7344, which affects UEFI systems and has been linked to unauthorized access. Experts urge businesses to remain vigilant against these sophisticated attacks.