Collecting Cyber-News from over 60 sources

Tag: credentials

Miasma Worm Compromises 73 Microsoft GitHub Repositories

Jun 9, 2026 7:42 PM

Tags: ai, cloud, credentials, github, infrastructure, microsoft, tool, worm

The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
Miasma Worm Compromises 73 Microsoft GitHub Repositories

Jun 9, 2026 7:42 PM

Tags: ai, cloud, credentials, github, infrastructure, microsoft, tool, worm

The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
Spoofing-Lücke in Windows-Verknüpfungen geschlossen – Freigegebenen Ordner anzeigen reicht für NTLM-Credential-Diebstahl

Jun 9, 2026 4:43 PM

Tags: credentials, ntlm, windows

First seen on security-insider.de Jump to article: www.security-insider.de/cve-2026-25185-windows-lnk-spoofing-ntlm-credential-diebstahl-a-681ea963287886c0b737419c8de05f8e/
Microsoft Defender Adds Monitoring for RPC Protocol Abuse in Cyberattacks

Jun 9, 2026 3:42 PM

Tags: credentials, cyber, cyberattack, endpoint, exploit, microsoft, monitoring, threat, update, windows

Microsoft has introduced enhanced monitoring capabilities in Microsoft Defender for Endpoint to detect and disrupt cyberattacks that abuse the Remote Procedure Call (RPC) protocol, a core Windows communication mechanism that threat actors frequently exploit for lateral movement and credential access. Announced on June 8, 2026, the update provides granular visibility into inbound remote RPC activity,…
New BitB Phishing Attack Targets Microsoft 365 Logins

Jun 9, 2026 2:42 PM

Tags: attack, credentials, cyber, login, microsoft, phishing, windows

A new Browser-in-the-Browser (BitB) phishing campaign is abusing fake OAuth login windows to steal Microsoft 365 credentials, and its design is polished enough to bypass casual visual checks. The attack uses a draggable popup that mimics a real browser dialog. However, it is embedded in the page itself and paired with a spoofed Microsoft OAuth…
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

Jun 9, 2026 1:43 PM

Tags: attack, credentials, malicious, pypi, supply-chain

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems.”The compromised releases shipped a *-setup.pth file that attempts to execute…
Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts

Jun 9, 2026 9:42 AM

Tags: access, credentials, crypto, cyber, malware, service, tactics, theft

Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and full remote-access capabilities into a low-cost, subscription-based offering marketed through SEO poisoning,YouTube promotion and counterfeit Minecraft mod websites. By combining polished distribution tactics…
Check Point VPN Zero-Day Under Active Exploitation by Ransomware Operators

Jun 9, 2026 8:43 AM

Tags: access, authentication, credentials, cve, cvss, cyber, exploit, flaw, mobile, ransomware, vpn, vulnerability, zero-day

Check Point has disclosed active in-the-wild exploitation of a critical authentication bypass vulnerability, tracked as CVE-2026-50751, impacting Remote Access VPN and Mobile Access deployments configured with the deprecated IKEv1 key exchange protocol. The flaw, assigned a CVSS score of 9.3, allows unauthenticated attackers to establish VPN sessions without valid credentials by exploiting a logic flaw…
Hackers Exploit ChatGPT, Claude, DeepSeek Brands in Credential Phishing Attacks

Jun 9, 2026 7:42 AM

Tags: ai, attack, breach, chatgpt, credentials, cyber, exploit, hacker, phishing, social-engineering, threat

Threat actors are increasingly weaponizing the global fascination with large language models and generative AI by impersonating major AI brands ChatGPT, Anthropic’s Claude, DeepSeek, and others to trick users into revealing credentials, payment information, and to install malware. These campaigns are not breaches of the vendor platforms; they are classic social engineering and distribution techniques…
Miasma Worm Hits Microsoft’s AI Coding Ecosystem

Jun 8, 2026 10:42 PM

Tags: ai, credentials, infection, intelligence, malicious, microsoft, supply-chain, tool, worm

Attackers Compromised More Than 70 Microsoft Repositories in Under 2 Minutes. Attackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale. First seen on govinfosecurity.com Jump to…
For the 2nd time in weeks, Microsoft packages laced with credential stealer

Jun 8, 2026 9:42 PM

Tags: ai, credentials, microsoft

73 packages run self-replicating stealer as soon as they’re opened by an AI agent. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer/
Pink Hacking Group Targets Enterprises to Steal Cloud Passwords

Jun 8, 2026 3:44 PM

Tags: attack, cloud, credentials, cyber, extortion, group, hacking, leak, mfa, password, phishing, social-engineering

A newly observed extortion brand called Pink (CL-CRI-1147) that is actively targeting enterprise users to harvest cloud storage credentials and bypass multi-factor authentication. The group’s leak site went live on May 31, 2026, and its operations combine social engineering with classic credential-phishing to quickly convert compromised accounts into extortion leverage. Pink’s attack chain begins with…
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload

Jun 8, 2026 3:44 PM

Tags: ai, credentials, email, login, malware, phishing, soc, theft

Phishing has always been a numbers game. AI has turned it into a volume machine.Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.As the queue…
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens

Jun 8, 2026 12:42 PM

Tags: credentials, crypto, cyber, rat, theft

A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is not a simple packed executable but a Lucid-branded information stealer and RAT wrapped inside a legitimate Node.js Single Executable Application (SEA). Static analysis recovered an embedded JavaScript loader and decrypted core…
Critical UniFi OS RCE Chain Grants Root Access Without Credentials

Jun 8, 2026 9:42 AM

Tags: access, advisory, authentication, credentials, cyber, flaw, injection, rce, remote-code-execution, update, vulnerability

Security Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full root takeover. The issue combines an authentication-gateway bypass, a path-traversal mismatch, and a command-injection sink in the package-update service. When chained, these flaws let an attacker send a single crafted HTTP request to…
Malicious Hugging Face Models Could Trigger Remote Code Execution

Jun 6, 2026 6:44 PM

Tags: ai, credentials, flaw, malicious, remote-code-execution, supply-chain

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks. The post Malicious Hugging Face Models Could Trigger Remote Code Execution appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hugging-face-transformers-rce-flaw/
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

Jun 5, 2026 9:43 PM

Tags: cloud, credentials, github, malware, supply-chain

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack. First seen on hackread.com Jump to article: hackread.com/miasma-malware-red-hat-packages-github-account/
What 2026 DBIR Confirms: Attacks Are Living in the Browser

Jun 5, 2026 4:43 PM

Tags: ai, attack, credentials, malicious, phishing, theft

Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/
The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews

Jun 5, 2026 2:42 PM

Tags: access, android, attack, cloud, credentials, cyber, cybersecurity, espionage, exploit, extortion, identity, threat, zero-day

The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-extortion-android-cloud/
Rust-Written IronWorm Hits NPM Supply Chain

Jun 5, 2026 12:42 AM

Tags: credentials, rust, software, supply-chain

Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rust-written-ironworm-npm-supply-chain
Lazarus Group Uses npm Brandjacking Campaign to Target Developers

Jun 4, 2026 3:42 PM

Tags: credentials, group, lazarus, malware, north-korea, tool

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk. First seen on hackread.com Jump to article: hackread.com/lazarus-group-npm-brandjacking-target-developers/
IronWorm npm Attack Steals Developer Secrets

Jun 4, 2026 1:42 PM

Tags: attack, credentials, crypto, cyber, data-breach, finance, malicious, software, supply-chain, worm

A newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across repositories in a worm-like fashion. The campaign, identified in the wild, targets software developers with a particular focus on crypto and Web3 ecosystems, where exposed secrets can yield immediate financial value.…
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack

Jun 4, 2026 12:42 PM

Tags: access, attack, credentials, cyber, email, espionage, microsoft, theft

A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major global stock exchange, highlighting the strategic value of executive-level email access in modern cyber operations. The activity, which persisted for approximately five months between October 2025 and March 2026, demonstrates a disciplined…
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages

Jun 4, 2026 11:42 AM

Tags: attack, credentials, cyber, cybercrime, data, login, malware, phishing, tactics, threat

Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest sensitive data from infected systems. While traditional credential-harvesting pages remain in use, threat actors are now prioritizing methods that reduce user interaction and increase data collection efficiency. Infostealers are purpose-built malware families that extract…
Fake Chrome Web Store Copyright Alerts Used to Steal Google Logins

Jun 4, 2026 8:42 AM

Tags: browser, chrome, credentials, cyber, google, hacker, login, phishing, risk

Hackers are actively targeting Chrome extension developers with a sophisticated phishing campaign that impersonates official Chrome Web Store copyright enforcement notices, aiming to steal Google account credentials and potentially compromise widely used browser extensions. Victims are told they have 48 hours to respond or risk permanent removal. The message appears highly personalized and directs users…
Fake Claude Code Installer on Google Sites Steals Credentials

Jun 4, 2026 7:42 AM

Tags: ai, credentials, cyber, google, malware, tool

Fake installers for Anthropic’s Claude Code are being weaponized in a new ClickFix-style campaign that abuses trusted Google Sites hosting to deliver a fileless credential”‘stealing malware payload. The operation impersonates popular AI development tools such as Claude Code and Codex, guiding victims to run an MSHTA-based command that ultimately stages an in”‘memory stealer inside PowerShell.exe…
Manipulierte Git-Tags verteilen Credential-Stealer in PHP-Paketen – Laravel-Lang-Stealer stiehlt Cloud-, Browser- und Vault-Daten

Jun 4, 2026 7:42 AM

Tags: cloud, credentials

First seen on security-insider.de Jump to article: www.security-insider.de/laravel-lang-supply-chain-credential-stealer-git-tags-cloud-browser-a-d8a36765defe9b2a7f93b4f69281614e/
Ultrahuman says hackers accessed customers’ wellness data via internal tool

Jun 3, 2026 8:42 PM

Tags: breach, credentials, data, hacker, malware, tool

The breach at wearable ring maker Ultrahuman stemmed from credentials stolen from a malware-infected employee laptop. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/03/ultrahuman-says-hackers-accessed-customers-wellness-data-via-internal-tool/
Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers

Jun 3, 2026 11:43 AM

Tags: credentials, cve, cyber, data-breach, ntlm, vulnerability, windows

Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search, URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler Vulnerability Security researchers from Huntress have identified that the Windows search URI handler improperly processes user-supplied parameters, allowing attackers to coerce…
Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk

Jun 2, 2026 11:42 PM

Tags: attack, credentials, flaw, github, risk, supply-chain, theft

Claude Code GitHub Actions flaws could enable repository compromise, credential theft, and supply chain attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/claude-code-github-actions-flaw-created-supply-chain-attack-risk/