ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

**Executive summary:** This is a multi-item cybersecurity roundup reporting a range of active threats and observations — high-severity vulnerabilities (including an unauthenticated SSRF in Cisco Unified Communications Manager), nation-state spyware targeting mobile devices, large-scale malware distribution and malspam campaigns (DriveSurge, ClickFix/FakeUpdates, CastleLoader), RMM and trusted-tool abuse, on-chain payload delivery, AI-assisted evasion techniques, and multiple operational tradecraft trends — with recommendations to patch, remove exposed admin panels, and enforce basic security hygiene.