Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The Hacker News 11.07.2026 17:59
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux.
Socket flagged the release six minutes after it was published. If you or one of your
Spionageaktion: Nato-Transportwege mit gehackten Kameras ausgespäht
Golem 11.07.2026 08:51
In einer gezielten Operation soll Russland IP-Kameras von Privatpersonen gehackt haben, um militärische Transportrouten auszuspähen. (Russland, Kameras)
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
The Hacker News 11.07.2026 06:45
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.
The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier.
"The