SocGholish Takedown, Fortinet Breach, Quantum Encryption Deadline
SocGholish takedown, Fortinet breach, AI phishing on Steam, and France's quantum deadline.
Police Clean Nearly 15,000 Malware-Infected Sites in SocGholish Operation
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and seized over 100 servers linked to the SocGholish botnet and the Russian cybercrime group Evil Corp. The joint action, supported by Europol and Eurojust under Operation Endgame, involved authorities from the Netherlands, Canada, the United States, and Germany. Dutch police removed the malware and backdoors from 14,971 compromised sites and advised website owners to update credentials, enable multi-factor authentication, and keep WordPress installations current. Maikel Rollman of the Netherlands’ National High Tech Crime Unit said the operation deprives cybercriminals of access to infected systems, reducing the risk of attacks on critical infrastructure and marking the beginning of further action against SocGholish. SocGholish, also known as FakeUpdates and GhoLoader, is a JavaScript-based malware downloader active since at least 2017. It hijacks legitimate WordPress sites to trick visitors into downloading fake browser updates, then deploys additional malware such as Dridex, Doppelpaymer, and ransomware families linked to Evil Corp, including WastedLocker and Phoenix CryptoLocker.
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp →
Steam’s Wallpaper Engine Workshop Hijacked with Malicious Wallpapers
Cybersecurity firm Kaspersky reported that attackers hijacked Steam’s Workshop feature to spread malware through Wallpaper Engine, a popular PC background app. Malicious wallpaper packages containing harmful code could lead to stolen Steam accounts, backdoors, or crypto miners. Kaspersky stated that Steam’s team removed the identified malicious wallpapers but that similar packages may still be shared inadvertently, and it urged users to keep an active antivirus service. The malicious activity had been occurring since at least December 2025, with most targets in China and Russia. Infected wallpapers had been downloaded tens of thousands of times each. Wallpaper Engine remains one of Steam’s most popular apps, with overwhelmingly positive reviews and tens of thousands of active users, making it a prime target for such attacks.
Sweeping Campaign Against Fortinet Devices Hits 75,000 Firewalls and Fortune 500 Firms
A large-scale hacking campaign targeting Fortinet devices compromised approximately 75,000 firewall and VPN appliances, with evidence of password theft at Fortune 500 companies and government agencies in over 15 countries, according to cybercrime tracking firm Hudson Rock. Most affected devices were in the United States, India, and Taiwan. Hudson Rock described the scale as ‘staggering,’ noting that the breach touched nearly every sector of the global economy. Fortinet acknowledged the campaign but stated that attackers were using data from previous incidents and brute-forcing passwords, not exploiting a recent vulnerability. The company said the activity was not related to any recent incident or advisory. Reuters could not confirm how many password thefts led to actual intrusions, and officials at CISA, the FBI, and cybersecurity authorities in India and Taiwan did not respond to inquiries.
Kali365 Phishing Platform Uses AI to Bypass Multi-Factor Authentication and Steal Microsoft Accounts
Security firm Huntress first detected Kali365, a phishing-as-a-service platform also known as Octopi365 and Freedom365, in May 2026 when examining Microsoft 365 logins from China. The FBI later issued a warning detailing the platform’s operations. Kali365 uses at least 33 built-in templates impersonating Microsoft products, 100 API endpoints, and role-based access control for phishing teams. It includes AI-enabled phishing, a crypto payment gateway, and a desktop application for operators. Rather than directly compromising multi-factor authentication, the platform steals session cookies and OAuth tokens after victims interact with highly realistic emails and websites that display valid SSL certificates. The FBI noted that many lures impersonate trusted cloud productivity and document-sharing services. Kali365 leverages Anthropic’s Claude AI model to read intercepted email threads, score them for fraud potential, and craft convincing reply messages with fabricated banking details and urgency, sent from the victim’s own mailbox. The FBI acknowledged the difficulty of avoiding such attacks due to their scale and legitimate appearance, and suggested that Microsoft must close security loopholes enabling authentication token transfers.
France to Phase Out Non-Quantum Encryption by 2027, Citing Growing Quantum Threats
France’s cybersecurity agency ANSSI announced it will stop certifying security products that do not use quantum-safe encryption beginning in 2027, and advised companies to buy only quantum-safe products by 2030. Since ANSSI certification is required for French government agencies and critical infrastructure operators, this effectively phases out older cryptographic systems. ANSSI Chief of Staff Samih Souissi emphasized that the decision concerns governance, industrial planning, and sovereignty. The move comes amid rising concern about Q-Day, when quantum computers will be powerful enough to crack modern encryption. Security experts warn of ‘harvest now, decrypt later’ attacks, where adversaries store encrypted data today for future decryption. In March, Google set a 2029 deadline for its own transition to post-quantum cryptography. In May, quantum security firm Project Eleven estimated that a cryptographically relevant quantum computer could arrive as early as 2030, potentially putting roughly 7 million Bitcoin at risk. Earlier this year, the Ethereum Foundation formed a dedicated post-quantum security team, elevating quantum resistance to a top priority.
France to Phase Out Non-Quantum Encryption as Bitcoin Security Concerns Grow →