Microsoft has issued a warning regarding a new wave of phishing attacks targeting over 2,300 U.S. companies during the tax season. Cybercriminals are employing tactics such as fake DocuSign pages, PDFs, and QR codes to steal passwords and install malware, including Latrodectus and Brute Ratel. The primary targets of these attacks are IT, consulting, and engineering firms. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that there have been more than three attacks on Ukraine's government and critical systems since Fall 2024, utilizing phishing links to deploy WRECKSTEEL malware. The report highlights the increasing sophistication of cyber threats, with a significant percentage of cyberattacks (68%) originating from emails, and 22% of these threats concealed within PDF documents, according to Check Point.