Credential-Theft

A Russian-speaking threat group utilized a large dataset of administrative and VPN credentials, likely sourced from exposed FortiGate configuration files and active credential harvesting, to access government, critical infrastructure, and multinational corporate networks, resulting in widespread data exfiltration.

A supply chain attack compromised over 30 npm packages under Red Hat's '@redhat-cloud-services' namespace, distributing a credential-stealing malware variant named 'Miasma' that targets sensitive developer information.

Nx Console contained an embedded malicious code vulnerability (CVE-2026-48027) which allowed a malicious version of the extension to be published and harvest credentials from disk and memory.

The Red Canary Intelligence Insights report for May 2026 highlights the rise of ClearFake, ACR Stealer, and GraphRunner, with ClearFake using JavaScript injection to deliver malware like ACR Stealer, and GraphRunner being abused for reconnaissance and data exfiltration via the Microsoft Graph API.

A rapidly growing Chinese-language PhaaS ecosystem is shifting towards real-time interception of credentials and tokenization of stolen payment data, bypassing traditional SMS security filters with encrypted channels like RCS and iMessage, and employing AI-based automation to evade detection.

Attackers compromised Laravel Lang packages by rewriting GitHub tags, distributing a credential-stealing malware targeting cloud credentials, secrets, keys, browser data, and cryptocurrency wallets across Windows, Linux, and macOS systems.

Fake FIFA World Cup websites are impersonating official ticket and merchandise sales to steal money and personal data from soccer fans through deceptive registration and payment processes.

A missing admin authorization check in the Arcane application on the `PUT /api/environments/{id}/templates/variables` endpoint allows any authenticated non-admin user to overwrite global environment variables, leading to supply-chain RCE, credential theft, and cross-tenant impact by overriding critical configuration values.

A GitHub employee's device was compromised via a malicious VS Code extension, leading to the theft of approximately 3,800 internal repositories by threat actor TeamPCP (UNC6780), who then offered the data for sale.

Compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published, leading to credential harvesting and attempted self-propagation; upgrade immediately and rotate credentials.

Between May 11th and May 12th of 2026, a threat actor compromised an npm publish token to publish 18 malicious versions of the '@beproduct/nestjs-auth' package (versions 0.1.2 through 0.1.19) containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign that exfiltrated npm tokens, GitHub PATs/OAuth tokens, AWS credentials, and Vault tokens, impacting developer environments.

Coder is vulnerable to a PKCS#7 signature bypass in Azure instance identity (CVE-2026-46354), allowing unauthenticated agent token theft via a forged vmId, enabling access to Git SSH private keys, OAuth access tokens, and workspace secrets.

TeamPCP compromised the PyPi package durabletask (versions 1.4.1, 1.4.2, and 1.4.3), stealing credentials for AWS, Azure, GCP, K8s, and Vault, brute-forcing passwords from password managers, and exfiltrating shell history before propagating to up to 5 targets via AWS SSM and Kubernetes.

The Shai-Hulud campaign is back and targets maintainer accounts to publish malicious code directly into the software supply chain via npm, recently hitting the Ant Design (AntV) ecosystem and potentially exposing downstream developers to credential theft and remote code execution.

Multiple functions in open-apis conduct substring-only matching to validate hostnames, allowing an attacker to perform Server-Side Request Forgery (SSRF) and capture authentication credentials by redirecting requests to an attacker-controlled endpoint.

TeamPCP is conducting a multi-ecosystem supply chain attack targeting the open-source ecosystem, specifically NPM packages, GitHub Actions, and VSCode extensions, to harvest credentials, exfiltrate sensitive data, and establish persistent access on infected systems via a Python-based backdoor.

Hackers injected credential-stealing malware into newly published versions of the node-ipc npm package in a supply chain attack, collecting cloud credentials, SSH keys, CI/CD secrets, and other sensitive data, exfiltrating it through DNS TXT queries.

UNC6671, operating under the "BlackFile" brand, conducts a sophisticated extortion campaign targeting organizations through voice phishing (vishing) and single sign-on (SSO) compromise, using adversary-in-the-middle (AiTM) techniques to bypass MFA and exfiltrate sensitive corporate data.

The Gremlin stealer malware has evolved with advanced obfuscation techniques, crypto clipping, and session hijacking capabilities to steal sensitive information from compromised systems.

Crabbox prior to v0.12.0 is vulnerable to environment variable exposure, allowing attackers with access to a malicious repository to forward local secrets into the remote command environment by exploiting overly permissive environment variable allowlisting and serializing sensitive environment variables into remote command execution, exposing credentials to the remote environment.

CVE-2026-45732 describes a high-severity authorization bypass vulnerability in n8n's OAuth1 and OAuth2 credential reconnect endpoints, where insufficient permission checks allow a user with read-only access to overwrite OAuth tokens, potentially leading to data exfiltration and persistent takeover of shared integrations.

Threat actors are increasingly using device code phishing, often via Phishing-as-a-Service platforms, to compromise user accounts by abusing the OAuth 2.0 device authorization grant flow and capturing authentication tokens, enabling account takeover, data theft, and business email compromise.

The Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.

On 2026-05-11, multiple malicious versions of `@tanstack/*` packages were published to the npm registry due to a chained attack exploiting vulnerabilities in GitHub Actions; the attacker used a compromised GitHub Actions OIDC trusted-publisher binding to publish credential-stealing malware that harvests credentials, exfiltrates data, and propagates the compromise by republishing other packages with the same injection, requiring users who installed affected versions to consider their environment compromised and rotate all credentials.

On April 22, 2026, Checkmarx and Bitwarden suffered supply chain attacks where malicious versions of their developer tools were distributed through official channels, attempting to harvest sensitive information such as GitHub and npm tokens and exfiltrating data to audit.checkmarx[.]cx.

A malicious commit tagged as version 5.0.2 was pushed to the intercom/intercom-php repository on GitHub, containing a Composer plugin that downloaded the Bun JavaScript runtime and executed an obfuscated credential-harvesting payload, targeting cloud provider credentials, environment variables, SSH keys, and CI/CD secrets.

A compromised version (7.0.4) of the intercom-client npm package was published using a compromised developer account, containing obfuscated JavaScript that executed during installation to harvest and exfiltrate credentials from the environment, as part of the 'Mini Shai-Hulud' supply chain campaign.

Compromised PyTorch Lightning PyPI packages versions 2.6.2 and 2.6.3 contain malicious code related to credential harvesting, requiring immediate credential rotation and system rebuilding.

A new version of the CloudZ RAT utilizes the Pheno plugin to hijack Microsoft Phone Link connections, enabling the theft of SMS messages and one-time passwords (OTPs) from victims' mobile devices.

An unknown attacker is using the CloudZ RAT and its Pheno plugin to hijack the Microsoft Phone Link application and intercept SMS and OTP messages from connected mobile devices, active since at least January 2026.

A remote attacker can exploit a compromised Bitwarden CLI npm package to steal credentials and exfiltrate sensitive information.

Threat actors are compromising npm packages, including those targeting SAP developers, to steal credentials, embed themselves in CI/CD pipelines, and deploy multi-stage payloads using techniques like wormable propagation and covert C2 channels on GitHub.

In Q1 2026, email threats increased, including credential phishing, QR code phishing, and CAPTCHA-gated campaigns, with Microsoft's disruption of the Tycoon2FA phishing platform leading to a 15% volume decrease and shifts in threat actor tactics; BEC activity remained prevalent at 10.7 million attacks.

The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.

Multiple official SAP npm packages were compromised via a supply chain attack, likely by TeamPCP, to steal credentials and authentication tokens from developers' systems.

UNC6692 is a newly discovered, financially motivated threat actor that combines social engineering via Microsoft Teams, custom malware named SNOWBELT, and abuse of legitimate AWS S3 cloud infrastructure in its attack campaigns to steal credentials and prepare for data exfiltration.

Attackers are stealing AWS credentials configured as GitHub Actions secrets and using them from non-CI/CD infrastructure, indicating potential credential theft and unauthorized access to AWS resources.

A coordinated campaign uses 108 malicious Chrome extensions to steal user data, inject ads, and establish backdoors on over 20,000 systems via a shared command-and-control infrastructure.

SiYuan is vulnerable to zero-click NTLM hash theft on Windows and blind SSRF on all platforms due to insecure Mermaid.js configuration, where a malicious Mermaid diagram containing a protocol-relative URL can be injected into a note, causing the Electron client to fetch the URL, triggering SMB authentication on Windows and sending the victim's NTLMv2 hash to the attacker. On macOS and Linux, the request acts as a tracking pixel and blind SSRF.

Malicious actors are exploiting OpenClaw, Moltbot, and Clawdbot AI coding agents via Node.js to execute arbitrary shell commands and download-and-execute commands, potentially targeting cryptocurrency wallets and credentials.

A man-in-the-middle vulnerability exists in Amazon Athena ODBC driver versions prior to 2.1.0.0 due to improper certificate validation, potentially allowing attackers to intercept authentication credentials when connecting to external identity providers.

Compromised versions of the `axios` npm package introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT), impacting users of `@usebruno/cli` who ran `npm install` between 00:21 UTC and ~03:30 UTC on March 31, 2026, potentially leading to credential exfiltration.

The DeepLoad malware steals credentials, installs malicious browser extensions, spreads via USB drives, and is being distributed via ClickFix campaigns using PowerShell loaders.

The trivy-action GitHub Action was compromised via git tag repointing, where 76 of 77 release tags were retroactively poisoned, leading to a multi-stage credential theft operation discovered following a spike in script execution detections on Linux runners.

The aquasecurity/trivy-action GitHub Action was compromised via git tag repointing, injecting malicious code into the entrypoint.sh script to steal credentials from CI/CD pipelines before executing the legitimate Trivy scanner.

The trivy-action GitHub Action, a widely used vulnerability scanner in CI/CD pipelines, was compromised via git tag repointing to inject a multi-stage credential stealer, affecting 76 of 77 release tags.

A threat actor compromised the PyPI package `telnyx`, uploading malicious versions 4.87.1 and 4.87.2 containing credential-stealing malware that exfiltrates data to a C2 server.

The aquasecurity/trivy-action GitHub Action was compromised via git tag repointing, injecting a multi-stage credential stealer into CI/CD pipelines, allowing for the theft of secrets and credentials.

The Tycoon2FA phishing-as-a-service (PhaaS) platform, used to bypass MFA and compromise email accounts, saw a temporary decrease in activity after a law enforcement takedown, but cloud compromises have since returned to pre-disruption levels with unchanged TTPs, indicating continued threat actor activity.

The TeamPCP threat actor compromised the Telnyx PyPI package, injecting credential-stealing malware hidden within WAV audio files to target Linux, macOS, and Windows systems.

The Tycoon2FA phishing-as-a-service (PhaaS) platform, disrupted in March 2026, has resurged with consistent tactics, employing adversary-in-the-middle (AITM) techniques to bypass MFA and compromise email accounts through phishing campaigns, credential theft, and session cookie hijacking.

The Tycoon2FA Phishing-as-a-Service platform, used to bypass multifactor authentication (MFA), has resurged to pre-takedown levels of activity following a disruption effort in March 2026, maintaining its original tactics, techniques, and procedures (TTPs) for credential harvesting and cloud compromise.

The trivy-action GitHub Action was compromised via git tag repointing, with attackers poisoning 76 of 77 release tags to inject a multi-stage credential stealer before the legitimate scanner runs, granting attackers access to CI/CD pipeline secrets.

UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18 contain an improper certificate verification vulnerability, enabling adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections to intercept traffic and steal credentials.

Compromised versions of the LiteLLM package (1.82.7 and 1.82.8) on PyPI contained malware designed to harvest sensitive credentials and files, exfiltrating them to a remote API, impacting users who installed and ran the package.

The LiteLLM package was compromised and infected with credential-stealing code through a supply chain attack leveraging the Trivy vulnerability scanner.

The GlassWorm campaign employs Unicode variation selectors to conceal malicious code within supply chain artifacts, subsequently querying a Solana wallet for C2 URLs and exfiltrating sensitive credentials.

Crunchyroll suffered a data breach after a Telus employee was phished, leading to Okta credential theft and exfiltration of 100GB of customer data.

GhostLoader malware leverages GitHub repositories and AI-assisted development workflows to distribute credential-stealing payloads targeting macOS systems.

VoidStealer leverages Chrome debugging capabilities to extract sensitive information, such as credentials and session cookies, directly from the browser's memory.

A research report auditing popular AI agent projects found that 93% rely on unscoped API keys as the only authentication mechanism, leading to potential credential exposure, privilege escalation, and lateral movement within multi-agent systems.

Detects the creation of Windows theme files in unusual locations, such as Desktop, Documents, Downloads, or Temp directories, which can be indicative of remote code execution or NTLM coercion attacks.

An authenticated server-side request forgery (SSRF) vulnerability affects the webhook trigger tools and the n8n API client in n8n-mcp versions 2.18.7 to before 2.50.2, allowing attackers to make HTTP requests from the n8n-mcp host to internal services and cloud metadata endpoints, potentially leading to credential theft and internal service enumeration.

FireFighter versions before 0.0.54 are vulnerable to an unauthenticated server-side request forgery (SSRF) vulnerability in the `/api/v2/firefighter/raid/jira_bot` endpoint, allowing attackers to potentially steal IAM credentials in cloud environments.

The creation of Universal Data Link (UDL) files on Windows systems can indicate a phishing technique where attackers bypass email filters and capture user credentials by tricking victims into testing a connection to a malicious server.

This analytic detects the use of the taskkill command to terminate known browser processes, a technique employed by malware such as Braodo stealer to steal credentials by forcefully closing browsers like Chrome, Edge, and Firefox to unlock files containing sensitive information.

The Atypical Travel detection in Azure Identity Protection identifies potentially compromised user accounts by detecting geographically improbable sign-in activity, indicative of account compromise or misuse.

Detects copy operations of Active Directory Domain Database (ntds.dit) or Security Account Manager (SAM) files, potentially exposing sensitive hashed credentials on Windows systems.