A new type of malware has emerged within the npm ecosystem, targeting the legitimate 'ethers' library through two rogue packages, ethers-provider2 and ethers-providerz. These malicious packages have been designed to deploy a reverse shell, which allows attackers to maintain persistent access to infected systems. Uninstalling the rogue packages does not eliminate the threat, as the malicious code remains in the system, ready to reinfect.
Additionally, the cyber espionage group RedCurl has transitioned from espionage activities to deploying ransomware for the first time, utilizing a new strain called QWCrypt. This ransomware employs tactics such as distributing fake CVs and using legitimate Adobe tools to compromise systems. The group has not disclosed a motive or established a leak site for their activities.
The Cybersecurity and Infrastructure Security Agency (CISA) has also issued warnings about active exploits targeting vulnerabilities in Sitecore CMS and other platforms, underscoring the ongoing threats in the cybersecurity landscape.
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts: https://t.co/yC4pKKgD8I by The Hacker News #infosec #cybersecurity #technology #news
🚨 Crypto devs, beware! Hackers hijacked 12+ popular npm packages—some live for 9+ years—to steal secrets like API keys & SSH tokens. Root cause? Likely old maintainer accounts compromised via leaked credentials. 📎 Details: https://t.co/gjRSutXSQD 🔒 Rotate keys. Audit deps. https://t.co/6tFpNTjXxe
CVE-2025-31103: Zero-Day Vulnerability Discovered in a-blog cms, Act Now to Protect Your Web Server https://t.co/W1omDFEr73