Security news.
Today's cybersecurity news is dominated by active exploitation, with CISA warning about multiple vulnerabilities in Joomla extensions and a Cisco IOS flaw being exploited in the wild. Supply chain attacks also feature prominently, with a malicious npm package and a popular browser extension found to contain dormant info-stealing capabilities. State-sponsored threats continue to be a focus, as the EU and UK sanction Russian GRU hackers and a joint advisory warns against Russian critical infrastructure targeting.
Hackers Backdoor Jscrambler npm Package with Infostealer
The Jscrambler client-side web security company disclosed that a malicious version of its npm package was published and downloaded almost 1,500 times, containing infostealer malware.
CISA Warns of Actively Exploited RCE Flaws in Joomla Extensions
CISA has added high-severity vulnerabilities in iCagenda (CVE-2026-48939) and Balbooa Forms (CVE-2026-56291) extensions for Joomla to its KEV catalog, warning of active exploitation for remote code execution.
CISA Adds Cisco IOS CSRF Vulnerability (CVE-2008-4128) to KEV Catalog
CISA has added an actively exploited Cisco IOS Cross-Site Request Forgery Vulnerability (CVE-2008-4128) to its Known Exploited Vulnerabilities Catalog, urging federal agencies to address it.
Google and Microsoft Pull ModHeader Extension with 1.6 Million Installs
The popular browser extension ModHeader, with 1.6 million installs, has been removed from Chrome and Edge stores after researchers discovered a hidden, dormant browsing-history collector.
New CrashStealer Malware Poses as Apple Crash Reporting Tool on macOS
A new macOS information-stealing malware, CrashStealer, is masquerading as an Apple crash-reporting utility to steal credentials, keychain data, and cryptocurrency wallets.
US and Allies Warn of Russian State-Sponsored Critical Infrastructure Attacks
CISA and eight allied agencies issued a joint advisory warning that Russian Federal Security Service (FSB) cyber actors are targeting poorly configured and vulnerable networking devices globally to compromise critical infrastructure.
EU Sanctions Russian GRU Military Hackers Over Cyberattacks
The European Union and the United Kingdom have jointly sanctioned Russian individuals and entities, accusing them of coordinating a network of GRU-linked hacking groups responsible for cyberattacks across Europe.
RabbitMQ Vulnerability Threatens Enterprise Systems
An unauthenticated attacker could obtain a broker's confidential OAuth client secret in RabbitMQ, potentially leading to full control of the broker.