“Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
Each is a different way to break a machine: wipe the whole disk, overwrite the Windows drive, or run fake “ransomware” that scrambles files with a key it never saves
New Helix vishing group emerges in SharePoint data theft attacks
Microsoft expects more Windows security updates from AI-discovered flaws
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in –
allowScripts defaults to off, meaning
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill arrives.
The full ThreatsDay list is below.
Global
QIZ Security Raises $17 Million for Cryptographic Governance Platform
The Israeli company has developed a cryptographic posture and post-quantum cryptography management platform.
The post QIZ Security Raises $17 Million for Cryptographic Governance Platform appeared first on SecurityWeek.
New Forg365 phishing platform uses AI to target Microsoft 365 accounts
UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge
Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.
The post UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge appeared first on SecurityWeek.
