I use a USB connected mic. If I’m that paranoid and don’t think turning off the mike is actually turning off the mike, simply unplug the usb line from the mic.

I think people need to start looking at internet of things tools, smart TVs, devices, etc. that use voice commands. As they are awaiting (read listening) for your commands.

Old Gremlins, new methods
https://blog.group-ib.com/oldgremlin_comeback

Zloader 2: The Silent Night
https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/

Threat Spotlight: “Haskers Gang” Introduces New ZingoStealer
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html

How to recover files encrypted by Yanlouwang
https://securelist.com/how-to-recover-files-encrypted-by-yanlouwang/106332/

Newly found zero-click iPhone exploit used in NSO spyware attacks
https://www.bleepingcomputer.com/news/security/newly-found-zero-click-iphone-exploit-used-in-nso-spyware-attacks/
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/

Your iOS app may still be covertly tracking you, despite what Apple says
https://arstechnica.com/information-technology/2022/04/a-year-after-apple-enforces-app-tracking-policy-covert-ios-tracking-remains/
https://arxiv.org/pdf/2204.03556.pdf

Emotet botnet switches to 64-bit modules, increases activity
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/

New BotenaGo Variant Discovered by Nozomi Networks Labs
https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/
https://www.virustotal.com/gui/file/fdbd955959a8f42450af5ac2bf93efba180f4cbae64dd4dd852f65c2e2057f56?nocache=1

Social Networks Most Likely to be Imitated by Criminal Groups, with LinkedIn Now Accounting for Half of all Phishing Attempts Worldwide
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/

Warez users fell for Certishell
https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/

Pwn2Own Miami 2022 Results
https://www.zerodayinitiative.com/blog/2022/4/14/pwn2own-miami-2022-results

When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

Real-time voice concealment algorithm blocks microphone spying
https://www.bleepingcomputer.com/news/security/real-time-voice-concealment-algorithm-blocks-microphone-spying/
https://www.engineering.columbia.edu/news/block-smartphone-microphone-speech-recognition-spying
https://arxiv.org/pdf/2112.07076.pdf

CVE-2022-21449: Psychic Signatures in Java
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine

Russia’s War in Ukraine Has Complicated the Means Through Which Cybercriminals Launder Funds. Here’s How They’re Adapting
https://www.flashpoint-intel.com/blog/russias-ukraine-war-is-complicating-cybercriminal-money-laundering/

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/

Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before
https://www.mandiant.com/resources/zero-days-exploited-2021