Tag: credentials
-
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windows
postinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency. Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
-
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
The threat group’s shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials
-
Supply chain attack on Axios npm package: Scope, impact, and remediations
Tags: access, api, attack, breach, cloud, control, credentials, crypto, data, data-breach, defense, exploit, incident response, macOS, malicious, malware, open-source, rat, risk, security-incident, software, supply-chain, theft, threat, vulnerability, windows
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeaways This incident is a…
-
2026 SANS Identity Threats Report: Why Attacks Still Work
SANS findings highlight the real issue, compromised credentials enable access long before traditional security controls detect a problem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/2026-sans-identity-threats-report-why-attacks-still-work/
-
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/
-
Latest Xloader Obfuscation Methods and Network Protocol
Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windows
Introduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
-
OpenAI patches twin leaks as Codex slips and ChatGPT spills
ChatGPT’s hidden outbound channel leaks user data: OpenAI has reportedly fixed a parallel bug in ChatGPT that goes beyond credential theft. Check Point researchers uncovered a hidden outbound communication path in ChatGPT’s code execution runtime that could be triggered with a single malicious prompt. This channel successfully bypassed the platform’s expected safeguards around external data sharing.…
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day
2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security. “Most organizations have invested heavily in security solutions, yet most are…
-
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft device code phishing kit that has been in active use since mid-February 2026 and was quickly adopted by groups specialising in Adversary-in-the-Middle phishing and Business…
-
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns
Cybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new 2026 campaigns. Security researchers have already tracked more than a hundred tax-themed operations worldwide, with a noticeable increase in the use of legitimate RMM…
-
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised npm credentials…
-
What Makes Browser Hijacking a Silent Threat?
Web browsers act as a critical gateway to an organization’s digital ecosystem, enabling access to banking, email, cloud applications, and sensitive customer data. When attackers compromise this gateway, they can monitor user activity, redirect traffic, and capture confidential credentials without detection. This threat, known as browser hijacking, has become increasingly widespread, affecting organizations of all…
-
Security at Scale: How Open VSX Is Raising the Bar
Security work is often most visible when something goes wrong: a compromised package, a leaked credential, a typosquatted extension, an abused automation token. In those moments, it becomes clear that software infrastructure is not abstract. It is operational, exposed, and trusted far more often than it is inspected. Open VSX belongs to that category of…
-
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tax-season-new-phishing-tactics/
-
Popular AI gateway startup LiteLLM ditches controversial startup Delve
LiteLLM had obtained two security compliance certifications via Delve and fell victim to some horrific credential-stealing malware last week. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/30/popular-ai-gateway-startup-litellm-ditches-controversial-startup-delve/
-
AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection
The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ai-powered-deepload-steals-credentials-evades-detection
-
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
DeepLoad logs keystrokes, buries details behind reams of AI-generated code, and re-infects hosts days after being blocked, according to ReliaQuest. First seen on cyberscoop.com Jump to article: cyberscoop.com/deepload-ai-malware-obfuscation-at-every-stage-reliaquest/
-
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are using a new remote access toolkit called “CTRL” to silently hijack Remote Desktop Protocol (RDP) sessions via FRP-based reverse tunnels, enabling stealthy, hands-on access to compromised Windows systems. The toolkit blends credential theft, keylogging, and RDP abuse into a cohesive post-exploitation framework that currently flies under the radar of public malware scanners…
-
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
Researchers found a fully operational TheGentlemen ransomware toolkit on an exposed server, revealing victim credentials, ngrok tokens, and a complete pre-encryption playbook. This led them to an unauthenticated HTTP server at 176.120.22[.]127:80, hosted by Russian bulletproof provider Proton66 OOO, exposing 126 files across 18 subdirectories and about 140 MB of data. Proton66 has previously been tied to…
-
DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deepload-malware-clickfix-ai-code/
-
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 and 4.87.2) of its Python SDK to steal cloud and crypto credentials. First seen on hackread.com Jump to article: hackread.com/teampcp-fake-ringtone-file-tainted-telnyx-sdk-credentials/
-
New Homoglyph Tricks Let Cybercriminals Mimic Trusted Domains
New homoglyph attack techniques are turning tiny visual differences in text into a reliable way to spoof trusted domains, steal credentials, and bypass weak Unicode handling in security stacks. By abusing Internationalized Domain Names (IDNs), Punycode, and Unicode “confusables,” attackers can register domains that look legitimate in the browser bar while resolving to attacker-controlled infrastructure.…
-
Telnyx Python SDK Backdoored on PyPI to Steal Cloud Credentials
The popular Telnyx Python SDK on PyPI was backdoored to deploy a multi-stage credential-stealing operation that targets cloud infrastructure, Kubernetes clusters, and developer environments at scale. On March 27, 2026, TeamPCP uploaded two malicious Telnyx SDK releases, versions 4.87.1 and 4.87.2, directly to PyPI at around 03:51 UTC, bypassing the normal GitHub-backed release flow used by the…
-
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Cybersecurity researchers have discovered a remote access toolkit of Russian origin that’s distributed via malicious Windows shortcut (LNK) files disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling. First seen on thehackernews.com…
-
LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems
A backdoored LiteLLM package enabled credential theft and persistence, exposing software supply chain risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/litellm-supply-chain-attack-exposes-credentials-across-ai-ecosystems/
-
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/