The spy who logged me in.
ID: 25d7e874-6ea3-5903-aa89-4319ec5b343a
STIX ID: report--25d7e874-6ea3-5903-aa89-4319ec5b343a
Feed Name: The CyberWire
Researchers report that China-linked threat actor TA416 has resumed large-scale phishing and PlugX malware campaigns targeting European governments, diplomatic missions tied to the EU and NATO, and, more recently, Middle Eastern entities. The group used evolving techniques such as fake Cloudflare verification pages, Microsoft OAuth redirect abuse, and malicious C# project files to deliver customized PlugX, reflecting shifting geopolitical priorities and a continued emphasis on intelligence gathering.
