Tag: credentials
-
Unwary Chinese Hackers Hardcoded Credentials into Backdoors
Eset Researchers Discover Trove of Go-Based Malware. Researchers uncovered a Chinese-linked cyberespionage group after attackers left command and control credentials embedded in malware, exposing internal operations, testing environments and thousands of messages tied to campaigns targeting a Mongolia government agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/unwary-chinese-hackers-hardcoded-credentials-into-backdoors-a-31487
-
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
A severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code. Xinference has over 600,000 total downloads, making this a significant security event for the software…
-
Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack
Tags: attack, cloud, credentials, cyber, docker, infrastructure, injection, malicious, software, supply-chain, threatA massive software supply chain attack has targeted the official Checkmarx KICS (Keeping Infrastructure as Code Secure) Docker Hub repository. Discovered on April 22, 2026, by Docker and Socket, the compromise involves trojanized Docker images and malicious VS Code extensions designed to harvest and exfiltrate highly sensitive developer credentials and cloud infrastructure secrets. Threat actors…
-
Malicious pgserve, automagik developer tools found in npm registry
Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
-
Riddled with flaws, serialEthernet converters endanger critical infrastructure
Tags: access, authentication, control, credentials, data, data-breach, exploit, firmware, flaw, infrastructure, malicious, network, open-source, password, rce, remote-code-execution, risk, service, threat, update, vulnerabilityNew RCE and other vulnerabilities: Aside from all the known vulnerabilities from open-source components, the Forescout researchers also performed manual security analysis and identified previously unknown flaws in the firmware of three specific devices from two vendors: Lantronix EDS3000PS Series, Lantronix EDS5000 Series, and Silex SD330-AC.The web-based management interface of the Lantronix EDS5000 had five…
-
Riddled with flaws, serialEthernet converters endanger critical infrastructure
Tags: access, authentication, control, credentials, data, data-breach, exploit, firmware, flaw, infrastructure, malicious, network, open-source, password, rce, remote-code-execution, risk, service, threat, update, vulnerabilityNew RCE and other vulnerabilities: Aside from all the known vulnerabilities from open-source components, the Forescout researchers also performed manual security analysis and identified previously unknown flaws in the firmware of three specific devices from two vendors: Lantronix EDS3000PS Series, Lantronix EDS5000 Series, and Silex SD330-AC.The web-based management interface of the Lantronix EDS5000 had five…
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerabilityLast week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
Router Security Hardening Steps for 2026: From Default Credential Audits to Automated Firmware Risk Monitoring
Network edge devices are now among the most targeted entry points in cyberattacks. Recent intelligence shows that threat actors are focusing more on routers, firewalls, and VPN concentrators than on end-user machines, a trend highlighted in multiple 2025 threat intelligence reports. For IT teams responsible for Dutch enterprise environments, that shift makes a structured and…
-
New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/
-
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys…
-
Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
A fully exposed command-and-control (C2) panel for a previously undocumented remote access trojan (RAT) framework dubbed Auraboros, supporting live audio streaming, intensive keylogging, browser credential theft, and multi-cookie hijacking all accessible over the internet with zero authentication. Further inspection revealed “Auraboros C2 Station,” a polished single-page dashboard that immediately loads victim data and live controls without…
-
ShinyHunters: SaaS Breaches Identity Risks (2026)
Who are ShinyHunters? Learn how this group exploits SaaS, credentials, and identity-based access”, and how to prevent modern data breaches. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/shinyhunters-saas-breaches-identity-risks-2026/
-
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/macos_clickfix_attacks_deliver_applescript/
-
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/macos_clickfix_attacks_deliver_applescript/
-
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
Tags: access, ai, api, automation, cloud, credentials, cybersecurity, data, data-breach, endpoint, finance, flaw, identity, infrastructure, microsoft, saas, service, toolWatching a privileged operator think out loud: The category of flaw should not be compared too closely to a conventional API bug, said Alexander Hagenah, cybersecurity researcher and executive director at Zurich-based financial infrastructure operator SIX Group.”A normal API issue is usually bound by a specific endpoint, dataset, or permission check. With an AI operations…
-
Cloud platform Vercel says company breached through third-party AI tool
Vercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised. First seen on therecord.media Jump to article: therecord.media/cloud-platform-vercel-says-company-breached-through-ai-tool
-
Phishing and MFA exploitation: Targeting the keys to the kingdom
In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/
-
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
Tags: access, ai, attack, breach, credentials, cybersecurity, exploit, identity, supply-chain, threat, zero-dayThe cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials.Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing First seen on thehackernews.com Jump…
-
SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins
SideWinder is running an active credential”‘harvesting campaign that uses a fake Chrome PDF viewer and a pixel”‘perfect Zimbra clone on Cloudflare Workers to steal government webmail credentials from South Asian targets, including the Bangladesh Navy and Pakistan’s Ministry of Foreign Affairs. The campaign came to light after a Cloudflare Workers URL was spotted harvesting credentials…
-
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the platform before November 2025. According to a detailed public disclosure by security researcher…
-
Your AI Agents Should Be Getting Their Credentials from a PAM Vault
The rise of AI agents has created a problem that most security teams have not yet fully reckoned with. Developers are building agents that automate tasks, retrieve information, and take action on behalf of users. Those agents need credentials to do their jobs. And right now, in countless organizations, those credentials are being hardcoded into……
-
A Token Flaw Turned Azure’s AI Agent Into a Spy
Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
-
A Token Flaw Turned Azure’s AI Agent Into a Spy
Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
-
Vercel Traces Customer Data Theft to Agentic AI Tool Breach
Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider Finds. Cloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers. First…
-
MiningDropper Spreads Infostealers, RATs, Banking Malware on Android
Hackers are abusing a modular Android framework called MiningDropper to mine cryptocurrency and silently install infostealers, remote access trojans (RATs), and banking malware on infected devices. MiningDropper is a multi-stage Android dropper that combines crypto-mining with the delivery of additional malware payloads, including banking trojans, RATs such as BTMOB, and credential-stealing spyware. A recent variant is built…
-
Next.js developer Vercel warns of customer credential compromise
Tags: credentialsBlames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/vercel_context_ai_security_incident/
-
Why Dark Web Monitoring Is No Longer Enough (And What Comes Next)
The problem with how we monitor identity risk today For years, dark web monitoring has been positioned as the frontline defense against compromised credentials and identity exposure. If your data showed up on the dark web, you got an alert. If it didn’t, you assumed you were safe. That model no longer reflects reality. The……
-
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allows running full operating systems as virtual machines on a host. Threat actors are weaponizing this capability by running their…