Cybersecurity Weekly: Microsoft Urgent Patches, AI Threats, and Vulnerability Highlights
February 2, 2026
AI and privacy topics are prominent, with Google expanding AI Mode in Search to access Gmail and Photos, alongside GDPR/DSA investigations into risks associated with X in the EU.
Threat intelligence notes include the evolving dark web under law-enforcement pressure and the reemergence of Phantom Enigma in browser extensions and enterprise channels.
Threat campaigns include internet-exposed MongoDB instances being held for ransom, PyRAT's persistent cross-platform access, and data exfiltration through Outlook add-ins, a channel that leaves defenders little audit trail.
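The MongoDB extortion item above comes down to one misconfiguration pair: a server listening on all interfaces while access control is off. The check below is an added example, not code from the recap or either of its sources; it reads the real mongod.conf keys (net.bindIp, net.bindIpAll, security.authorization) with a minimal two-level parser that is an assumption of this example, not a general YAML parser, and the two sample configs are constructed.

```python
"""Flag a mongod.conf that leaves the database reachable without authentication.

Added illustration for the weekly recap; not code from The Hacker News or
Help Net Security. The sample configs below are constructed, not from a real host.
"""

# Constructed: the shape of config that ends up in mass-extortion campaigns.
EXPOSED_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0        # listens on every interface
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed: same service, bound to specific addresses with auth enforced.
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongodb
"""


def parse_simple_yaml(text):
    """Parse the two-level 'section:' / '  key: value' layout mongod.conf uses.

    Assumption of this example: enough for the keys checked here, not a YAML parser.
    Comments after '#' are dropped; nested lists and deeper levels are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = line.rstrip(":").strip()
            sections[current] = {}
        elif current is not None and ":" in line:
            key, value = line.strip().split(":", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def exposure_findings(conf_text):
    """Return finding codes for the exposure conditions present in conf_text."""
    cfg = parse_simple_yaml(conf_text)
    net = cfg.get("net", {})
    # mongod 3.6+ binds to localhost only unless bindIp / bindIpAll widen it.
    bind_ip = net.get("bindIp", "127.0.0.1")
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    listens_everywhere = bind_all or any(
        addr.strip() in ("0.0.0.0", "::", "*") for addr in bind_ip.split(",")
    )
    # Without security.authorization: enabled, any client that can connect has full access.
    auth_enabled = cfg.get("security", {}).get("authorization", "disabled") == "enabled"

    findings = []
    if listens_everywhere:
        findings.append("bind-all-interfaces")
    if not auth_enabled:
        findings.append("auth-disabled")
    if listens_everywhere and not auth_enabled:
        # The combination is what turns a misconfiguration into a wipe-and-ransom target.
        findings.append("unauthenticated-network-exposure")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, exposure_findings(conf) or ["ok"])
```

Binding to a private address is not a substitute for authentication: a host on the same network segment, or a misconfigured security group, still reaches the port, so the check treats the two settings independently and only escalates when both are wrong.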
A notable attack suppression event reports Poland allegedly thwarting a data-wiping malware campaign against energy infrastructure around year-end 2025, linked to suspected Russian actors.
This weekly cybersecurity recap zeroes in on high-impact threats and developments—from proxy networks and zero-days to ransomware and AI-targeted attacks—while outlining what defenders should monitor next.
Microsoft issued emergency out-of-band fixes for an actively exploited Office zero-day (CVE-2026-21509) and urged immediate patching to block attackers exploiting untrusted inputs.
Notable threat actors and campaigns persist, including TA584 with Tsundere Bot and XWorm, Phantom Enigma re-emergence with browser extensions and enterprise RATs, and attackers abusing AWS WorkMail to bypass SES controls for phishing infrastructure.
Critical vulnerabilities and exploits highlighted include the Ivanti EPMM CVEs (referenced as 1281 and 1340) with zero-day exploitation, abuse of Windows App-V to distribute info-stealers, and the long-standing WinRAR CVE-2025-8088 risk.
Patch news also includes Ivanti’s EPMM updates and Microsoft’s Office fixes, underscoring risks to mobile device management and exposure of PII.
Fortinet began patching FortiCloud SSO zero-day CVE-2026-24858 as attackers reportedly accessed FortiGate firewalls and created local admin accounts.
Industry-wide insights cover incident response, cyber resilience for CISOs, and evolving security tooling, including AI integration and open-source security practices.
Threat of the Week notes Google's disruption of the IPIDEA residential proxy network, revealing how compromised devices fuel brute-force attacks, C2 traffic, and other malicious activity.
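Residential proxy networks matter to defenders because they spread one attacker's login attempts across many clean-looking source addresses, so a per-IP failed-login threshold never fires. The detection below is an added example, not code from the recap or its sources: it runs two rules over sshd-style auth lines, a classic per-source count and a per-account count of distinct sources that each stay under the per-source limit. The log lines are constructed using RFC 5737 documentation addresses, and the thresholds are assumptions to tune per environment.

```python
"""Spot single-source brute force and proxy-distributed brute force in auth logs.

Added illustration for the weekly recap; not code from The Hacker News or
Help Net Security. SAMPLE_LOG is constructed, not captured from a real host.
"""
import re
from collections import Counter, defaultdict

# Matches OpenSSH's "Failed password" line for both known and invalid users.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: one noisy source hammering root, six distinct sources each
# trying 'admin' once (the proxy-network pattern), plus benign noise.
SAMPLE_LOG = """\
Feb  1 03:12:01 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51012 ssh2
Feb  1 03:12:03 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51014 ssh2
Feb  1 03:12:05 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51016 ssh2
Feb  1 03:12:07 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51018 ssh2
Feb  1 03:12:09 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51020 ssh2
Feb  1 03:20:11 bastion sshd[4188]: Failed password for invalid user admin from 198.51.100.11 port 40211 ssh2
Feb  1 03:21:40 bastion sshd[4190]: Failed password for invalid user admin from 198.51.100.12 port 40212 ssh2
Feb  1 03:23:02 bastion sshd[4195]: Failed password for invalid user admin from 198.51.100.13 port 40213 ssh2
Feb  1 03:24:55 bastion sshd[4201]: Failed password for invalid user admin from 198.51.100.14 port 40214 ssh2
Feb  1 03:26:17 bastion sshd[4207]: Failed password for invalid user admin from 198.51.100.15 port 40215 ssh2
Feb  1 03:27:48 bastion sshd[4213]: Failed password for invalid user admin from 198.51.100.16 port 40216 ssh2
Feb  1 03:30:00 bastion sshd[4220]: Accepted password for alice from 192.0.2.9 port 50001 ssh2
Feb  1 03:31:12 bastion sshd[4225]: Failed password for bob from 192.0.2.10 port 50002 ssh2
"""


def parse_failures(log_text):
    """Return a (user, source_ip) tuple for every failed password event."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("user"), m.group("ip")))
    return events


def detect(events, per_ip_threshold=4, distinct_ip_threshold=5):
    """Apply two complementary rules to failed-login events.

    noisy_sources: a single IP with >= per_ip_threshold failures (classic brute force).
    distributed_targets: an account attacked from >= distinct_ip_threshold different IPs,
        none of which individually crosses per_ip_threshold. This is the signature of
        attempts routed through a residential proxy pool to stay under per-IP limits.
    Thresholds are assumptions for this example; tune them per environment.
    """
    per_ip = Counter(ip for _, ip in events)
    ips_by_user = defaultdict(set)
    for user, ip in events:
        ips_by_user[user].add(ip)

    noisy_sources = sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold)
    distributed_targets = sorted(
        (user, len(ips))
        for user, ips in ips_by_user.items()
        if len(ips) >= distinct_ip_threshold
        and all(per_ip[ip] < per_ip_threshold for ip in ips)
    )
    return {"noisy_sources": noisy_sources, "distributed_targets": distributed_targets}


if __name__ == "__main__":
    result = detect(parse_failures(SAMPLE_LOG))
    print("noisy sources:", result["noisy_sources"])
    print("distributed targets:", result["distributed_targets"])
```

The per-account rule is the one a proxy network is built to evade detection of, and it is also the one that tends to be missing from default fail2ban-style tooling, which keys on the source address alone. Pairing the two rules means a low-and-slow campaign shows up on the account it targets even when every source looks like a first-time visitor.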
Summary based on 2 sources
Sources
The Hacker News • Feb 2, 2026
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Help Net Security • Feb 1, 2026
Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw