Product
high
advisory
Compromised node-ipc npm Package Steals Credentials
2 rules 3 TTPs 2 IOCsHackers injected credential-stealing malware into newly published versions of the node-ipc npm package in a supply chain attack, collecting cloud credentials, SSH keys, CI/CD secrets, and other sensitive data, exfiltrating it through DNS TXT queries.
node-ipc +10
supply-chain-attack
npm
infostealer
credential-theft
2r
3t
2i
high
advisory
Multi-Cloud CLI Token and Credential Access via Command-Line Harvesting
3 rules 2 TTPsThis rule detects command-line activity indicative of credential access across multiple cloud platforms (GCP, Azure, AWS, GitHub, DigitalOcean, Oracle, Kubernetes), looking for specific commands used to print or access tokens and credentials, flagging hosts where multiple cloud targets are accessed within a five-minute window, suggesting potential credential harvesting activity.
gcloud +6
credential-access
cloud
cli
token-harvesting
3r
2t