Episodes

  • SharePoint Zero-Day, Manga Piracy, Apple App Store Scam, Bomgar Vulnerability
    Apr 24 2026

    Today’s threat landscape is a perfect storm of destructive malware, mass credential theft, and attackers abusing the very tools defenders trust most. We’ve got a new data wiper hammering critical infrastructure in Venezuela, over 1,300 SharePoint servers still exposed to an actively exploited zero-day, and attackers turning Microsoft Defender itself into part of the attack chain. And if that wasn’t enough, fake crypto wallet apps slipped into Apple’s App Store while AI-assisted exploitation campaigns quietly harvested credentials from hundreds of targets.

    ★ Support this podcast on Patreon ★
    16 min
  • Rockstar Games Leaked, Booking.com Breached, McGraw-Hill Hit + Microsoft Zero-Days
    Apr 20 2026

    Rockstar Games, Booking.com, and McGraw-Hill are all in today’s breach headlines, while a new warning says the quantum threat to encryption is no longer something organizations can afford to ignore. We’re also covering Microsoft zero-days, a dangerous Adobe PDF exploit, and over 100 malicious Chrome extensions stealing accounts straight from users’ browsers.

    14 min
  • M365 Creds Stolen, $17.7B Robbed in US, AI Dominates RSAC, Axios Supply Chain Hack
    Apr 9 2026

    This week’s biggest cyber stories all point to the same hard truth: attackers are scaling faster than defenders, using automation, stolen tokens, and software supply chains to hit everything from Next.js apps and npm packages to routers, PLCs, and AI tools. And in several of these cases, they didn’t even need malware to cause serious damage.

    18 min
  • $10M Music Scam, iPhone Crypto Theft, Intune Wipe Attack, Cisco 0-Day, Trivy Supply Chain Hack
    Mar 26 2026

    This week’s cyber stories are a reminder that attackers are no longer just stealing data—they’re hijacking the tools we trust most, from Microsoft Intune and Azure alerts to GitHub Actions and iPhones. We’ve got a massive medical-device breach, a major software supply-chain compromise, active ransomware zero-days, and phishing campaigns that bypass even encrypted messaging protections.

    13 min
  • Steam Malware, Fake VPNs, BetterLeaks, INTERPOL Bust, and a Dangerous AI Agent
    Mar 19 2026

    This week in cyber, attackers turned Steam games into crypto-stealing malware, criminals used fake VPN downloads and live chat support to steal credentials in real time, and AI agents are suddenly becoming one of the biggest new enterprise security headaches. On top of that, critical flaws in Wing FTP, Veeam, and Linux AppArmor are reminding defenders that patching and identity protection still decide who wins.

    13 min
  • Stryker Wiper Attack, Telus 1PB Breach, MacBook M5 Pro, AI Malware, GitHub Supply Chain Hack
    Mar 13 2026

    A wiper attack tied to Iranian-linked hacktivists reportedly crippled Stryker on a global scale, while ShinyHunters is now linked to both a massive Telus Digital breach and Salesforce Experience Cloud data theft campaigns. And if that wasn’t enough, defenders are also dealing with AI-generated malware, hidden prompt injection attacks against AI agents, and ransomware crews hitting healthcare hard across multiple regions. Also - the BRAND NEW MACBOOK PRO M5 PRO in person!!

    19 min
  • AI Malware Flood, Cisco Firewall Vulnerabilities, and a Major Cybercrime Forum Takedown
    Mar 6 2026

    AI-generated malware is now being mass-produced by nation-state hackers, a major cybercrime forum selling stolen credentials has just been seized by law enforcement, and critical vulnerabilities in widely used enterprise systems could give attackers full control of corporate networks.

    At the same time, new espionage campaigns, phishing platforms that bypass multi-factor authentication, and even vehicle tire sensors are creating unexpected security risks.

    12 min
  • Gemini Browser Hijack, SD-WAN Zero-Day, Hospital Ransomware, Iranian Cyber Threats
    Mar 3 2026

    Today’s Threatopia briefing covers zero-days exploited for years, ransomware shutting down hospital systems, AI agents being hijacked, and warnings of imminent nation-state retaliation.

    We have a Cisco SD-WAN zero-day abused for at least three years. APT28 exploiting a Microsoft MSHTML flaw with malicious shortcut files. APT37 breaching air-gapped networks using removable media. Hospitals in Mississippi forced offline by ransomware. And Google warning of likely Iranian cyber operations amid escalating geopolitical tensions.

    At the same time, AI is reshaping the threat landscape from multiple angles. We’re seeing browser-level AI privilege escalation in Chrome’s Gemini panel, large-scale AI scraping becoming a board-level risk, AI agents like OpenClaw exposed to takeover, and major policy fallout around Anthropic’s technology in federal environments.

    This episode is about convergence. Nation-state activity, ransomware impact, AI platform risk, and supply chain governance are no longer separate conversations. They are one interconnected risk surface.

    15 min