# Today's Top Stories
July 14, 2026
-
1CyberScoop general Jul 13Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’
The EU and UK jointly attributed cyberattacks against Poland's energy grid and water treatment facilities to Russia's FSB Center 16 (Turla), sanctioning Russian government officials and entities involved in espionage and destructive operations across Europe. This marks a significant coordinated Western response, with formal attribution of critical infrastructure sabotage to a named FSB signals intelligence unit.
-
2The Record threat-intel Jul 12Russia's FSB blamed for Poland grid attack as UK and EU impose first joint cyber sanctions
UK and EU imposed their first-ever joint cyber sanctions, blaming Russia's FSB Center 16 for attempted cyber sabotage of Poland's energy sector and water treatment facilities, alongside broader malicious cyber activities across the region. Security teams in energy, utilities, and government sectors should treat this as a formal threat escalation signal from Western intelligence.
-
3BleepingComputer general Jul 13US and allies warn of Russian critical infrastructure attacks
CISA and cybersecurity agencies from eight allied nations issued a joint advisory warning that Russian state-sponsored hackers are actively targeting vulnerable and misconfigured routers to pivot into critical infrastructure networks spanning defense, communications, energy, finance, government, and healthcare. The advisory specifically flags residential proxy abuse as a key evasion technique and urges immediate router hardening.
-
4The Hacker News general Jul 13iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
CISA added two CVSS 10.0 vulnerabilities — CVE-2026-48939 (iCagenda) and a matching flaw in Balbooa Forms — to its KEV catalog after reports of zero-day exploitation in the wild, both enabling remote code execution via arbitrary file upload in Joomla extensions. Organizations running Joomla with these extensions should patch immediately, as active exploitation is confirmed.
-
5Krebs on Security threat-intel Jul 13Lessons Learned from CISA’s Recent GitHub Leak
CISA's postmortem on a contractor-caused data leak reveals that dozens of internal credentials — including AWS GovCloud keys — sat exposed in a public GitHub repository for nearly six months before KrebsOnSecurity notified the agency. The incident exposes critical gaps in secrets scanning, contractor oversight, and incident response that mirror risks faced by most enterprise security teams.
-
ADSponsoredProtect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected → -
6SecurityWeek general Jul 13Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns
Progress Software urged customers to manually shut down their ShareFile Storage Zone Controller servers amid investigation of a credible, unspecified security threat — echoing the 2023 MOVEit pattern where delayed patching led to mass exploitation. Administrators running on-premises ShareFile deployments should treat this as an active risk requiring immediate action pending further guidance.
-
7BleepingComputer general Jul 13Hackers backdoor Jscrambler npm package with infostealer malware
A threat actor published a malicious version of Jscrambler's npm package embedded with infostealer malware, which was downloaded approximately 1,500 times before detection — representing another supply chain compromise of a widely-used client-side web security tool. Developers and security teams using Jscrambler's npm package should audit their dependencies and check for indicators of compromise immediately.
-
8BleepingComputer general Jul 13EU sanctions Russian GRU military hackers over cyberattacks
The EU and UK sanctioned dozens of Russian GRU-linked individuals and entities, formally accusing Russia of coordinating a network of hacking groups responsible for cyberattacks and sabotage operations targeting European governments and critical infrastructure over multiple years. The coordinated attribution and sanctions represent a major escalation in Western cyber deterrence policy.
-
9BleepingComputer general Jul 13New CrashStealer malware poses as Apple crash reporting tool
Jamf Threat Labs identified CrashStealer, a new macOS infostealer written in native C++ that masquerades as Apple's crash-reporting tool, uses a notarized dropper to bypass Gatekeeper, and validates the victim's login password locally before exfiltrating credentials, keychain data, and crypto wallets. The use of notarization to pass macOS security controls makes this a particularly sophisticated threat for macOS endpoint defenders.
-
10The Hacker News general Jul 13Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
Forg365, a new phishing-as-a-service platform sold via Telegram for $400/month or $3,800/year, combines device code phishing, adversary-in-the-middle session theft, AI-generated lures, and antibot evasion to compromise Microsoft 365 accounts. Security teams should update conditional access policies and monitor for device code flow abuse, as the low cost of entry makes this toolkit accessible to a wide range of threat actors.