Security news.
Today's security landscape is dominated by destructive malware, sophisticated phishing campaigns, and critical vulnerabilities across major platforms. A new GigaWiper backdoor bundles multiple destructive capabilities, while attackers are increasingly leveraging AI and social engineering to compromise enterprise environments and cloud infrastructure.
Helix vishing group targets SharePoint with voice phishing and MFA abuse
A new data-extortion group called Helix is using identity-focused tactics including voice phishing, device code phishing, and MFA abuse to steal data from SharePoint environments.
GigaWiper Windows backdoor combines disk wiping, fake ransomware, and spyware
Microsoft has identified a destructive Windows backdoor that bundles three older destructive programs into one, allowing operators to wipe disks, overwrite drives, or run fake ransomware with scrambled files.
Forg365 phishing-as-a-service uses AI to target Microsoft 365 accounts
A new PhaaS operation called Forg365 combines adversary-in-the-middle and device code methods with AI-assisted lure generation to steal Microsoft 365 credentials.
KDDI data breach impacts 12 million via zero-day in third-party system
Japanese telco KDDI disclosed a breach affecting 12 million people after hackers exploited a zero-day vulnerability in a third-party system to access email systems for ISPs.
GodDamn ransomware uses PoisonX kernel driver to disable endpoint defenses
A new ransomware family called GodDamn employs the PoisonX kernel driver to neutralize security software; assessed as a rebrand of Beast ransomware first spotted in May 2026.
GhostLock: 15-year-old Linux privilege escalation vulnerability patched
A Linux kernel vulnerability affecting every major distribution since 2011 allows attackers to gain root access; researchers earned $92,000 from Google's bug bounty program.
CISA adds three actively exploited vulnerabilities to KEV catalog
CISA added CVE-2026-48908 (JoomShaper SP Page Builder), CVE-2026-55255 (Langflow Authorization Bypass), and CVE-2026-56290 (Joomlack Page Builder) to its Known Exploited Vulnerabilities catalog.
Global anti-fraud operation arrests 5,800 suspects, seizes $293 million
Law enforcement agencies across 97 countries arrested 5,811 suspects and seized $293 million in illicit assets in a coordinated anti-fraud crackdown.