ModHeader, CrashStealer, Joomla RCE active exploits; npm supply-chain risk
Google and Microsoft remove ModHeader extension (1.6M installs) after discovering hidden tracking. CrashStealer macOS malware evades Gatekeeper using signed code. CISA warns of active Joomla extension exploitation.
Read the full briefing →