Dropbox is being abused alongside GitHub as a command-and-control channel in the Kimsuky and ScarCruft campaigns, with Dropbox API endpoints used for C2 beaconing and potentially for staging or exfiltrating collected data. As with GitHub, no Dropbox vulnerability is exploited; the risk is platform trust abuse. Organizations should audit and restrict outbound access to api.dropboxapi.com from endpoints and servers without documented business justification and monitor for regular-interval beaconing patterns to Dropbox endpoints.
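One way to implement the regular-interval check recommended above, as an added example that is not part of the original text. The log layout, host names, allowlist and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WATCHED_HOST = "api.dropboxapi.com"   # endpoint named in the text above
APPROVED_SOURCES = {"ws-finance-07"}  # assumed: hosts with documented business use
MIN_EVENTS = 6                        # assumed: samples needed before judging timing
MAX_JITTER = 0.15                     # assumed: stdev/mean of gaps at or below this is "regular"


def find_beacons(lines):
    """Return {source: (mean_gap_seconds, jitter)} for unapproved, evenly spaced callers."""
    seen = defaultdict(list)
    for line in lines:
        ts, src, dst = line.split()  # assumed layout: ISO-timestamp source destination
        if dst.lower() == WATCHED_HOST and src not in APPROVED_SOURCES:
            seen[src].append(datetime.fromisoformat(ts))
    findings = {}
    for src, stamps in seen.items():
        if len(stamps) < MIN_EVENTS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps carry no timing signal
        jitter = pstdev(gaps) / avg  # coefficient of variation of the inter-arrival gaps
        if jitter <= MAX_JITTER:
            findings[src] = (round(avg, 1), round(jitter, 3))
    return findings


def sample_log():
    """Constructed sample: a steady ~300 s caller, a bursty user, and an approved host."""
    t0 = datetime(2025, 1, 6, 9, 0, 0)
    steady = [t0 + timedelta(seconds=300 * i + (i % 3)) for i in range(8)]
    bursty = [t0 + timedelta(seconds=s) for s in (0, 4, 9, 610, 615, 2400, 2403, 5100)]
    approved = [t0 + timedelta(seconds=60 * i) for i in range(8)]
    rows = [(t, "srv-build-02") for t in steady] + [(t, "ws-design-11") for t in bursty]
    rows += [(t, "ws-finance-07") for t in approved]
    return [f"{t.isoformat()} {src} {WATCHED_HOST}" for t, src in rows]


if __name__ == "__main__":
    for host, (gap, jitter) in find_beacons(sample_log()).items():
        print(f"{host}: mean gap {gap}s, jitter {jitter}")
```

Hosts on the allowlist are skipped entirely, so the allowlist itself should be reviewed against the documented business justifications.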