The Good, the Bad and the Ugly in Cybersecurity – Week 17

**Executive summary:** The report details multiple concurrent threats: guilty pleas and enforcement actions against operators of criminal groups who used SMS phishing, SIM swaps and account takeover to steal at least $8M in cryptocurrency and to facilitate large ransomware extortions; allied agency warnings that China-linked actors are hiding attacks behind massive, shifting botnet proxy networks (e.g., Raptor Train, KV Botnet) that infect hundreds of thousands of IoT/SOHO devices; and SentinelLABS’ discovery of a highly sophisticated kernel-level sabotage framework ('fast16') capable of subtly corrupting high-precision computations and illustrating early state-grade tradecraft.