Today’s threat landscape is a perfect storm of destructive malware, mass credential theft, and attackers abusing the very tools defenders trust most. We’ve got a new data wiper hammering critical infrastructure in Venezuela, over 1,300 SharePoint servers still exposed to an actively exploited zero-day, and attackers turning Microsoft Defender itself into part of the attack chain. And if that wasn’t enough, fake crypto wallet apps slipped into Apple’s App Store while AI-assisted exploitation campaigns quietly harvested credentials from hundreds of targets.

Rockstar Games, Booking.com, and McGraw-Hill are all in today’s breach headlines, while a new warning says the quantum threat to encryption is no longer something organizations can afford to ignore. We’re also covering Microsoft zero-days, a dangerous Adobe PDF exploit, and over 100 malicious Chrome extensions stealing accounts straight from users’ browsers.

This week’s biggest cyber stories all point to the same hard truth: attackers are scaling faster than defenders, using automation, stolen tokens, and software supply chains to hit everything from Next.js apps and npm packages to routers, PLCs, and AI tools. And in several of these cases, they didn’t even need malware to cause serious damage.