
Apple Releases Critical Security Updates While New Cyber Threats Emerge Involving SimpleHelp and Git Repositories
On July 1, 2026, Apple released security updates for iOS, iPadOS, macOS, and Safari, addressing 28 vulnerabilities, primarily in WebKit, with additional kernel vulnerabilities that may impact watchOS, visionOS, and tvOS. Some patches were backported from beta versions of upcoming major OS releases. Separately, cybersecurity firm Blackpoint reported an intrusion into SimpleHelp, a remote tech support platform, exploiting an OpenID Connect bypass to authenticate as a technician and deploy obfuscated JavaScript malware (named 'jQuery.js') via NodeJS to steal credentials. Mozilla’s Odin Lab disclosed an attack vector involving cloned Git repositories, where AI-assisted initialization triggers a DNS lookup to fetch and execute malicious code from a DNS TXT record, demonstrating DNS as a covert channel. The SimpleHelp vulnerability was noted as easily exploitable and potentially ransomware-ready, though no ransomware deployment was observed in this case.