Threat actors continue to exploit widely used software ecosystems to distribute malware and advance their campaigns. North Korean threat actors linked to the Contagious Interview campaign have published 35 malicious npm packages—six of which remain active—leveraging the HexEval loader to deploy the BeaverTail and InvisibleFerret malware. Meanwhile, researchers have observed a wave of cyberattacks against financial institutions in Africa, attributed to cluster CL-CRI-1014, where attackers are using open-source tools like PoshC2 and Chisel, and selling compromised access on dark web marketplaces. In a separate campaign, threat actors are weaponizing Black Hat SEO techniques to boost AI-related keyword rankings and distribute malware such as Vidar Stealer, Lumma Stealer, and Legion Loader.