Top Security Breaches 2026-07-14
Auto-generated 2026-07-14T09:00:28.032983+00:00 (UTC)
-
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Source: The Hacker News | Published: 2026-07-13T17:36:12+00:00 | Score: 14.148
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems.
Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.
“It validates the victim’s login password locally before
-
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
Source: The Hacker News | Published: 2026-07-14T08:02:33+00:00 | Score: 13.788
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans.
The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian
-
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
Source: The Hacker News | Published: 2026-07-13T15:05:57+00:00 | Score: 13.576
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets.
That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too
-
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Source: The Hacker News | Published: 2026-07-11T17:49:31+00:00 | Score: 13.55
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.
“At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal and
-
Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking
Source: The Hacker News | Published: 2026-07-10T10:56:23+00:00 | Score: 13.524
Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure.
The apps flagged with at least one problem have been installed more than 2.4 billion times.
The problems are basic, not sophisticated. 29 apps let user traffic leak outside
-
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Source: The Hacker News | Published: 2026-07-10T16:29:00+00:00 | Score: 13.234
Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.
The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
-
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Source: The Hacker News | Published: 2026-07-09T18:38:49+00:00 | Score: 12.961
Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.
“Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal
-
Breach at the Beach: Play the Ultimate Entra ID CTF
Source: BleepingComputer | Published: 2026-07-13T14:01:11+00:00 | Score: 12.889
Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigate Entra ID attack techniques using realistic scenarios. […]
End of report.
