Microsoft has issued a warning about PipeMagic, a framework used for stealth cyberattacks rather than traditional malware, with the Storm-2460 campaign targeting IT, finance, and real estate sectors globally. Meanwhile, Russian cyber group Secret Blizzard has exploited a vulnerability that compromises the root of trust, bypassing multi-factor authentication (MFA) and intercepting secure traffic, undermining protocols like TLS and FIDO. Additionally, hackers have been chaining two critical SAP vulnerabilities (CVSS scores 10.0 and 9.1) to bypass login controls and take full control of systems. These exploits have been actively used since March, despite patches being released in April and May, with ransomware groups and China-linked espionage actors involved. A new remote access trojan (RAT) named GodRAT has emerged, targeting financial and trading firms by hiding within fake financial documents sent via Skype. GodRAT, based on the 20-year-old Gh0st RAT code but enhanced with steganography, steals files, passwords, and can deploy additional malware. Furthermore, Russian developers associated with the Solana blockchain are reportedly being targeted by infostealer malware disguised as crypto packages on NPM, allegedly deployed by US state-sponsored actors to steal cryptocurrency credentials from Russian IP addresses. These developments highlight an evolving cyber threat landscape involving state-level actors and sophisticated malware campaigns affecting multiple industries worldwide.
Russian Solana developers are being targeted by "infostealer" malware possibly deployed by US state-sponsored actors. The malicious packages "solana-pump-test" and "solana-spl-sdk" were uploaded to NPM by "cryptohan" to steal crypto credentials from Russian IP addresses... 🧵
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code: https://t.co/2KQrc9KuiD by The Hacker News #infosec #cybersecurity #technology #news
Is the US targeting Solana devs in Russia with crypto “infostealers”? https://t.co/EzhsGzFXVx