ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

This security bulletin covers multiple threats: Cisco released patches for a high-severity SSRF vulnerability (server-side request forgery, where attackers trick a server into making unwanted requests) in Unified Communications Manager that could let unauthenticated attackers write files and gain root access; Russia's FSB reported foreign intelligence services deployed spyware on officials' mobile devices to steal data and conduct surveillance; threat actors are using social engineering to distribute VIP Keylogger through JavaScript, batch, and VBS loaders disguised as business communications; and the U.S. Treasury sanctioned Iran's largest cryptocurrency exchange for facilitating payments linked to terrorist activities and ransomware actors.