# Today's Top Stories

July 14, 2026

  1. 1
    0
    CyberScoop general Jul 13
    Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’

    The EU and UK jointly attributed cyberattacks against Poland's energy grid and water treatment facilities to Russia's FSB Center 16 (Turla), sanctioning Russian government officials and entities involved in espionage and destructive operations across Europe. This marks a significant coordinated Western response, with formal attribution of critical infrastructure sabotage to a named FSB signals intelligence unit.

  2. 2
    0
    The Record threat-intel Jul 12
    Russia's FSB blamed for Poland grid attack as UK and EU impose first joint cyber sanctions

    UK and EU imposed their first-ever joint cyber sanctions, blaming Russia's FSB Center 16 for attempted cyber sabotage of Poland's energy sector and water treatment facilities, alongside broader malicious cyber activities across the region. Security teams in energy, utilities, and government sectors should treat this as a formal threat escalation signal from Western intelligence.

  3. 3
    0
    BleepingComputer general Jul 13
    US and allies warn of Russian critical infrastructure attacks

    CISA and cybersecurity agencies from eight allied nations issued a joint advisory warning that Russian state-sponsored hackers are actively targeting vulnerable and misconfigured routers to pivot into critical infrastructure networks spanning defense, communications, energy, finance, government, and healthcare. The advisory specifically flags residential proxy abuse as a key evasion technique and urges immediate router hardening.

  4. 4
    0
    The Hacker News general Jul 13
    iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

    CISA added two CVSS 10.0 vulnerabilities — CVE-2026-48939 (iCagenda) and a matching flaw in Balbooa Forms — to its KEV catalog after reports of zero-day exploitation in the wild, both enabling remote code execution via arbitrary file upload in Joomla extensions. Organizations running Joomla with these extensions should patch immediately, as active exploitation is confirmed.

  5. 5
    0
    Krebs on Security threat-intel Jul 13
    Lessons Learned from CISA’s Recent GitHub Leak

    CISA's postmortem on a contractor-caused data leak reveals that dozens of internal credentials — including AWS GovCloud keys — sat exposed in a public GitHub repository for nearly six months before KrebsOnSecurity notified the agency. The incident exposes critical gaps in secrets scanning, contractor oversight, and incident response that mirror risks faced by most enterprise security teams.

  6. 6
    0
    SecurityWeek general Jul 13
    Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns

    Progress Software urged customers to manually shut down their ShareFile Storage Zone Controller servers amid investigation of a credible, unspecified security threat — echoing the 2023 MOVEit pattern where delayed patching led to mass exploitation. Administrators running on-premises ShareFile deployments should treat this as an active risk requiring immediate action pending further guidance.

  7. 7
    0
    BleepingComputer general Jul 13
    Hackers backdoor Jscrambler npm package with infostealer malware

    A threat actor published a malicious version of Jscrambler's npm package embedded with infostealer malware, which was downloaded approximately 1,500 times before detection — representing another supply chain compromise of a widely-used client-side web security tool. Developers and security teams using Jscrambler's npm package should audit their dependencies and check for indicators of compromise immediately.

  8. 8
    0
    BleepingComputer general Jul 13
    EU sanctions Russian GRU military hackers over cyberattacks

    The EU and UK sanctioned dozens of Russian GRU-linked individuals and entities, formally accusing Russia of coordinating a network of hacking groups responsible for cyberattacks and sabotage operations targeting European governments and critical infrastructure over multiple years. The coordinated attribution and sanctions represent a major escalation in Western cyber deterrence policy.

  9. 9
    0
    BleepingComputer general Jul 13
    New CrashStealer malware poses as Apple crash reporting tool

    Jamf Threat Labs identified CrashStealer, a new macOS infostealer written in native C++ that masquerades as Apple's crash-reporting tool, uses a notarized dropper to bypass Gatekeeper, and validates the victim's login password locally before exfiltrating credentials, keychain data, and crypto wallets. The use of notarization to pass macOS security controls makes this a particularly sophisticated threat for macOS endpoint defenders.

  10. 10
    0
    The Hacker News general Jul 13
    Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

    Forg365, a new phishing-as-a-service platform sold via Telegram for $400/month or $3,800/year, combines device code phishing, adversary-in-the-middle session theft, AI-generated lures, and antibot evasion to compromise Microsoft 365 accounts. Security teams should update conditional access policies and monitor for device code flow abuse, as the low cost of entry makes this toolkit accessible to a wide range of threat actors.