The Russian-speaking cyber espionage group RedCurl has transitioned to deploying ransomware for the first time, utilizing a new strain named QWCrypt. This shift marks a significant change in their operations, previously focused on espionage. RedCurl's new ransomware specifically targets Hyper-V servers, indicating a strategic move towards more disruptive cyber activities. In a related development, hackers are exploiting a vulnerability in Windows systems, identified as CVE-2025-26633, to deploy malware such as Rhadamanthys and StealC. The exploit involves a stealthy manipulation of Windows Management Console (MMC) files. Additionally, a phishing-as-a-service kit named Morphing Meerkat has emerged, capable of mimicking login pages for over 114 brands by leveraging victims' DNS email records. This kit highlights the evolving nature of phishing attacks, which are becoming increasingly sophisticated and targeted.
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps https://t.co/B3GPTwVL5W
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware https://t.co/LNiJLsXriW
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps: https://t.co/Qmb20ERBak by The Hacker News