Canary Trap’s Bi-Weekly Cyber Roundup

This bi‑weekly roundup summarizes multiple active and emerging threats: OBSCURE#BAT is a stealthy malware campaign using fake CAPTCHA pages, trojanized downloads, and the r77 rootkit (with a fake driver) to maintain persistence and evade detection; Microsoft researchers disclosed a Context Compliance Attack (CCA) jailbreak that manipulates conversation history to bypass many AI model safeguards while other jailbreaks using hexadecimal encoding and emojis have also been demonstrated; a sophisticated Microsoft 365 phishing campaign abuses legitimate tenant emails to coerce victims into calling fraudulent support numbers; Black Basta chat logs show extensive use of stolen remote‑access credentials (RDP/VPN) highlighting the persistent risk of exposed remote access; and KPMG Canada warns of increased fraud and cyber risk as firms reroute supply chains under new tariffs.