credentials
-
SAP-related npm packages hit by credential-stealing supply chain attack
SAP-related npm packages were compromised in an April 29 supply chain attack that inserted credential-stealing malware into four releases, affecting developer, GitHub, npm, cloud, and Kubernetes secrets, according to a technical analysis from Aikido Security.
-
LiteLLM flaw exploited within 36 hours of public disclosure
LiteLLM’s CVE-2026-42208 SQL injection was exploited within 36 hours of disclosure, with attackers targeting database tables that store provider keys and runtime settings. The flaw affects versions 1.81.16 through 1.83.6.
-
Vercel says breach linked to third-party AI tool exposed limited customer credentials
Vercel said a breach tied to a third-party AI tool exposed access to some internal systems and affected a limited subset of customers. The company said sensitive environment variables were not known to be accessed and urged credential rotation.
-
Hackers use Next.js flaw to harvest credentials from 766 hosts, Cisco Talos says
Cisco Talos says hackers used a Next.js flaw to compromise at least 766 hosts and harvest credentials, keys and cloud secrets through an automated operation tied to UAT-10608.
-
Researchers find thousands of credentials in JSONFormatter and CodeBeautify archives
Researchers at watchTowr Labs said they recovered over 80,000 files saved to JSONFormatter and CodeBeautify that contained thousands of credentials and sensitive records spanning government, finance, telecoms and other sectors; both sites have temporarily disabled the save feature.
-
Shai‑Hulud campaign trojanises hundreds of npm packages and leaks CI/CD secrets to GitHub
A renewed Shai‑Hulud campaign has published thousands of trojanised npm packages that steal developer and CI/CD secrets and post them to GitHub; researchers at Aikido and Wiz say the operation modified legitimate packages, used compromised maintainer accounts and is leaking secrets in automatically created GitHub repositories.
-
Nikkei says Slack breach exposed personal information of more than 17,000 users
Nikkei said a Slack compromise exposed names, email addresses and chat histories for 17,368 people after attackers used credentials stolen from a malware-infected employee computer; the publisher voluntarily notified Japan’s data protection regulator and said no source-related material was affected.
-
Google denies reports that 183 million Gmail accounts were breached
Google said reports that 183 million Gmail accounts were breached are false; the dataset cited appears to be an aggregation of infostealer-sourced credentials shared with Have I Been Pwned, and users are advised to enable two-step verification, use passkeys and change exposed passwords.
-
Nx supply-chain attack: Malicious npm packages exfiltrate credentials and tokens
Security researchers say a supply-chain attack on the nx build system led to malicious nx npm packages that exfiltrated credentials and tokens. The breach was tied to a vulnerable PR workflow and elevated GitHub permissions, prompting widespread token rotation and intensified vendor-targeted remediation.
-
9GB Data Leak From Alleged North Korean Hacker Surfaces at DEF CON
Two hackers released a 9GB archive reportedly from a North Korean operator during DEF CON, with the material—including logs, credentials, and scripts—made available via DDoSecrets and published on Phrack; the data has been indexed and deemed authentic by researchers, though attribution remains uncertain.
