Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of July 11, 2026.
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version.
The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain.
The analysis came from Stripe OLT, a UK security firm, which checked the code against Google’s own Web Store signature and confirmed the collector shipped inside the genuine extension, not a counterfeit.
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read.
Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using your phone. Some versions in the filing would listen all day; others would check in only at set times.
None of these ships in a product today, and Meta has not announced one; a filing like this stakes a claim on an idea long before anyone commits to building it.
A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets.
Malware researchers started tracking the malware in May, when it appeared to still be in development, but observed it being used in attacks in early July.
CrashStealer has a typical infostealer capability set that seems to focus on password managers and more than 80 crypto wallet extensions.