Categories Uncategorized

Top Security Breaches 2026-07-14

Top Security Breaches 2026-07-14

Auto-generated 2026-07-14T09:00:28.032983+00:00 (UTC)

  1. CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

    Source: The Hacker News | Published: 2026-07-13T17:36:12+00:00 | Score: 14.148
    lead image

    Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems.

    Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.

    “It validates the victim’s login password locally before

  2. U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    Source: The Hacker News | Published: 2026-07-14T08:02:33+00:00 | Score: 13.788
    lead image

    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans.

    The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian

  3. ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

    Source: The Hacker News | Published: 2026-07-13T15:05:57+00:00 | Score: 13.576
    lead image

    Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets.

    That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too

  4. Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

    Source: The Hacker News | Published: 2026-07-11T17:49:31+00:00 | Score: 13.55
    lead image

    Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026.

    “At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal and

  5. Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

    Source: The Hacker News | Published: 2026-07-10T10:56:23+00:00 | Score: 13.524
    lead image

    Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure.

    The apps flagged with at least one problem have been installed more than 2.4 billion times.

    The problems are basic, not sophisticated. 29 apps let user traffic leak outside

  6. Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

    Source: The Hacker News | Published: 2026-07-10T16:29:00+00:00 | Score: 13.234
    lead image

    Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.

    The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was

  7. Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

    Source: The Hacker News | Published: 2026-07-09T18:38:49+00:00 | Score: 12.961
    lead image

    Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.

    “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal

  8. Breach at the Beach: Play the Ultimate Entra ID CTF

    Source: BleepingComputer | Published: 2026-07-13T14:01:11+00:00 | Score: 12.889
    lead image

    Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigate Entra ID attack techniques using realistic scenarios. […]

End of report.

Written By

More From Author

You May Also Like