All news

Credential Theft

(14 articles)

May 20, 2026

GitHub Breached: 3,800+ Internal Repos Exfiltrated

A GitHub employee device hack led to the exfiltration of 3,800+ internal repos. Here's what happened, what was exposed, and how to protect your org.

May 19, 2026

Nx Console 18.95.0: Compromised VS Code Extension

Nx Console 18.95.0 was hijacked to steal developer credentials via VS Code. Learn what happened, who's at risk, and how to protect your environment now.

May 19, 2026

GitHub Action Tags Hijacked to Steal CI/CD Secrets

Popular GitHub Action tags were redirected to imposter commits designed to steal CI/CD credentials. Here's how the attack works and how to protect your pipelines.

May 15, 2026

Avada Builder Flaws Enable WordPress Credential Theft

Two Avada Builder plugin vulnerabilities affect 1M+ WordPress sites, enabling file reads and SQL injection attacks. Learn what's exposed and how to patch now.

Poisoned Ruby Gems and Go Modules Hit CI Pipelines

May 1, 2026

Poisoned Ruby Gems and Go Modules Hit CI Pipelines

Attackers are poisoning Ruby Gems and Go Modules to steal credentials from CI pipelines. Here's how the attack works and how to defend your build system.

PyTorch Lightning Supply Chain Attack Steals Creds

April 30, 2026

PyTorch Lightning Supply Chain Attack Steals Creds

PyTorch Lightning and intercom-client were hit in coordinated supply chain attacks. Here's how the credential theft worked and what developers must do now.

SAP npm Packages Hit in Credential-Stealing Attack

April 29, 2026

SAP npm Packages Hit in Credential-Stealing Attack

Malicious SAP-related npm packages were caught stealing credentials in a supply chain attack. Here's what developers need to check right now.

Bitwarden CLI npm Package Compromised to Steal Credentials

April 23, 2026

Bitwarden CLI npm Package Compromised to Steal Credentials

The Bitwarden CLI npm package was backdoored for 90 minutes on April 22, 2026. Learn what was stolen, how it spread, and what developers must do now.

Vercel Finds More Compromised Accounts in Context.ai Breach

April 23, 2026

Vercel Finds More Compromised Accounts in Context.ai Breach

Vercel identified additional compromised accounts linked to the Context.ai breach. Here's what developers need to know about the attack scope and how to respond.

108 Malicious Chrome Extensions Steal User Data

April 14, 2026

108 Malicious Chrome Extensions Steal User Data

108 malicious Chrome extensions were caught stealing Google and Telegram credentials from 20,000 users. Here's how they work and how to protect yourself.

LiteLLM Flaw Turns Dev Machines Into Credential Vaults

April 6, 2026

LiteLLM Flaw Turns Dev Machines Into Credential Vaults

A critical LiteLLM vulnerability exposed developer machines as credential vaults for attackers. Learn how it works and how to protect your AI toolchain now.

Hackers Exploit React2Shell in Automated Credential Theft Campaign

April 5, 2026

Hackers Exploit React2Shell in Automated Credential Theft Campaign

CVE-2025-55182 in React2Shell is being weaponized to steal AWS keys, SSH keys, and env secrets from Next.js apps at scale. 766 hosts hit in 24 hours.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

April 2, 2026

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Attackers exploited CVE-2025-55182 to compromise 766 Next.js hosts and harvest credentials. Here's what happened and how to protect your app.

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

March 24, 2026

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

TeamPCP compromised Checkmarx GitHub Actions pipelines using stolen CI credentials - here is what happened and how to lock down your own pipelines.