Today’s Threatopia briefing spans supply chain compromise in npm and Android firmware, MFA-bypassing phishing kits, DNS-delivered PowerShell malware, AI assistants abused as covert command channels, and an actively exploited Dell zero-day tied to a suspected Chinese espionage group.

We’re also looking at 600,000 leaked retail customer records, critical VoIP and Windows privilege escalation flaws, record-high ICS vulnerabilities, and a global cybercrime crackdown that led to 651 arrests.

The common thread? Identity abuse, trusted platform compromise, and attackers hiding inside legitimate infrastructure.

Let’s break it down.