Phishing

Numerous websites impersonating the official Milano Cortina Olympics merchandise stores have been targeting U.S. and European shoppers as part of a discount scam campaign, Reuters reports.

Wells Fargo, USAA, and other financial and technology firms on the Fortune 500 have been spoofed as part of the Operation Doppelbrand phishing campaign that ran from December 2025 to January 2026, reports Infosecurity Magazine.

The Lazarus Group's operation, codenamed "graphalgo," began in May 2025.

The attack methods exploit inconsistencies in how Windows Explorer prioritizes conflicting target paths within LNK files.

The first known malicious Microsoft Outlook add-in has been discovered in the wild, marking a new frontier in supply chain attacks.

In December 2025, threat researchers at Binary Defense investigated an incident where an attacker successfully rerouted a physician's salary.