Cyber Briefing: 2026.07.14
Jscrambler npm compromise, critical SAP memory bugs, and a paralyzing malware attack on Japan’s leading taxi firm
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
Active software exploits, critical patching demands, and a major supply chain attack highlight the immediate operational risks facing organizations. On the vulnerability front, SAP deployed 19 emergency security patches to address severe flaws in NetWeaver, Approuter, and Commerce Cloud that could allow unauthenticated memory corruption and credential theft, while Google resolved a “Rogue Agent” flaw in Dialogflow CX that previously enabled compromised developer accounts to hijack AI chatbots and intercept live chats. Meanwhile, developers fell victim to a highly targeted supply chain attack where compromised credentials were used to publish malicious Jscrambler NPM packages containing credential-stealing hooks, infecting multiple downstream plugins before being neutralized.
On the infrastructure and regulatory front, real-world disruptions and decisive governmental actions are reshaping the operational environment. In Japan, the country’s top taxi operator, Nihon Kotsu, was forced to disable its internal systems and phone dispatch services following a disruptive malware attack on July 11, 2026, forcing a temporary shift to manual operations. In response to such systemic threats, the U.S. Treasury Department sanctioned the “1VPNS” virtual private network service for actively facilitating ransomware operations, following a coordinated global law enforcement takedown. Simultaneously, recognizing systemic bottlenecks, the Pentagon issued a 60-day freeze on its upcoming CMMC Phase 2 cybersecurity compliance rules, citing an acute shortage of authorized third-party assessors to meet the original November 2026 rollout deadline.
Listen to our podcast here ⏬
⚡THREAT LANDSCAPE
SAP Patches Critical NetWeaver & Cloud Flaws
SAP has released 19 security notes for its July 2026 patch day to address critical vulnerabilities across NetWeaver, Approuter, and Commerce Cloud. The most severe flaw could allow unauthenticated attackers to corrupt memory, smuggle HTTP requests, or leverage hardcoded credentials to compromise system data and availability. Read More
Malicious Jscrambler NPM Packages Released
A supply chain attack involving compromised credentials led to the publication of several malicious Jscrambler NPM package versions containing a credential-stealing preinstall hook. Threat actors successfully infected multiple dependent plugins, resulting in 1,479 downloads of the compromised versions before clean updates were deployed. Read More
🚨INCIDENTS & REAL-WORLD IMPACT
Malware Hits Japan’s Top Taxi Firm Nihon Kotsu
Japan’s largest taxi operator, Nihon Kotsu, was forced to shut down its internal systems following an unauthorized external malware attack detected on July 11, 2026. The emergency containment measures have temporarily disabled the company’s telephone dispatch services and online car hire reservations, prompting a shift to manual workarounds and app-based bookings while external cybersecurity experts investigate potential data leaks. Read More
🔓 EXECUTIVE RISK & CYBERNOMICS
US sanctions VPN aiding ransomware gangs
The U.S. Treasury Department has sanctioned the provider First VPN Service (1VPNS) and its administrator for enabling widespread ransomware and cybercrime operations. The action follows a major international law enforcement crackdown that dismantled the service’s global infrastructure and exposed its users. Read More
🛡️ POLICY, REGULATION & LEGAL SIGNALS
Pentagon Suspends CMMC Phase 2 Cyber Rules
The Department of War has issued a 60-day suspension on CMMC phase two requirements to review the program and alleviate bureaucratic burdens on small defense contractors. While existing phase one protocols remain in effect, officials cited a shortage of authorized third-party assessors as a primary reason the November 2026 rollout deadline is no longer viable. Read More
💻 CAREER ENABLEMENT
Google Dialogflow CX Rogue Agent Flaw Fixed
A newly patched vulnerability in Google Dialogflow CX, dubbed “Rogue Agent,” allowed insiders or compromised developer accounts to hijack AI chatbots within the same Google Cloud project. By exploiting a writable shared file in the execution environment, attackers could intercept live chat histories, steal user data, and inject malicious prompts.
Copyright © 2026 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium








