Russian cybercriminals are exploiting a newly discovered vulnerability in the open-source archiver 7-Zip, tracked as CVE-2025-0411. The flaw lets attackers bypass Windows' Mark-of-the-Web (MotW) protections, allowing remote code execution via malicious archives. Trend Micro researchers report that the vulnerability has been actively exploited in zero-day attacks targeting Ukrainian organizations. The vulnerability was fixed in November 2024, but its exploitation has raised concerns about the security of Ukrainian entities amid ongoing cyber threats.

Separately, a surge in crypto-stealing applications has been noted: malicious apps have appeared in both the Apple App Store and Google Play, designed to steal the recovery phrases of users' crypto wallets.

The Lazarus Group, linked to North Korean cyber activity, is also reportedly using fake job offers to distribute cross-platform malware targeting the crypto and travel sectors. This recent wave of cyberattacks highlights the increasing sophistication of the threats facing many industries, particularly in Ukraine and the crypto space.
iPhone apps found on App Store with malware that reads your screenshots for key data https://t.co/1268qgHV9T by @iryantldr
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks https://t.co/OgthZb5YcY
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack https://t.co/t32ExVwfWZ