Phishing emails remain a favored entry point for cybercriminals, often disguised as legitimate business communications to deceive users, such as in the Serpentine#Cloud campaign, where attackers use invoice-themed .lnk files to deploy Python-based malware via Cloudflare tunnels and gain persistent system access. Meanwhile, North Korea’s BlueNoroff group has adopted deepfake video tactics during Zoom calls, coupled with Telegram-based meeting invites, to distribute macOS malware through spoofed Zoom domains. In parallel, poorly secured MySQL servers—particularly in South Korea—are being actively targeted to deploy a range of malware, including Gh0stRAT, AsyncRAT, XWorm, HpLoader, and Zoho ManageEngine exploits. Continue reading for more cybersecurity news.