This threat intelligence newsletter highlights the emerging 'Platform-as-a-Proxy' (PaaP) technique, where attackers abuse legitimate SaaS notifications to bypass traditional email security. It also covers active campaigns, including Storm-1175 deploying Medusa ransomware via CVE-2026-1731, and UAT-10362 targeting Taiwanese organizations with a novel Lua-based malware called LucidRook.