Categories Breaking News

Breaking News – Cyber Threats – 2026-07-13 13:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-07-13 13:00 PDT

  • Hackers backdoor Jscrambler npm package with infostealer malware
    BleepingComputer • 2026-07-13 12:44 • www.bleepingcomputer.com
    The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times. […]
    https://www.bleepingcomputer.com/news/security/hackers-backdoor-jscrambler-npm-package-with-infostealer-malware/
  • New CrashStealer malware poses as Apple crash reporting tool
    BleepingComputer • 2026-07-13 12:04 • www.bleepingcomputer.com
    A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets. […]
    https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/
  • CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
    The Hacker News • 2026-07-13 10:36 • thehackernews.com
    Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems.

    Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.

    “It validates the victim’s login password locally before
    https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html

  • Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
    The Hacker News • 2026-07-13 10:17 • thehackernews.com
    Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version.

    The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain.

    The
    https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html

  • CISA warns of actively exploited RCE flaws in Joomla extensions
    BleepingComputer • 2026-07-13 08:20 • www.bleepingcomputer.com
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads. […]
    https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-rce-flaws-in-joomla-extensions/
  • ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
    The Hacker News • 2026-07-13 08:05 • thehackernews.com
    Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets.

    That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too
    https://thehackernews.com/2026/07/weekly-recap-sharefile-threat-citrix.html

  • Lessons Learned from CISA’s Recent GitHub Leak
    KrebsOnSecurity • 2026-07-13 08:03 • krebsonsecurity.com
    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency’s initial response provide important lessons that all security teams should absorb.
    https://krebsonsecurity.com/2026/07/lessons-learned-from-cisas-recent-github-leak/
  • Lidl discloses online shop breach after service provider hack
    BleepingComputer • 2026-07-13 07:19 • www.bleepingcomputer.com
    German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider. […]
    https://www.bleepingcomputer.com/news/security/lidl-discloses-online-shop-breach-after-service-provider-hack/
  • Breach at the Beach: Play the Ultimate Entra ID CTF
    BleepingComputer • 2026-07-13 07:01 • www.bleepingcomputer.com
    Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigate Entra ID attack techniques using realistic scenarios. […]
    https://www.bleepingcomputer.com/news/security/breach-at-the-beach-play-the-ultimate-entra-id-ctf/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.

Written By

More From Author

You May Also Like