// #credential-theft
23 articles
Miasma / Shai Hulud Supply Chain Campaign: 100+ npm and PyPI Packages Compromised Including Red Hat Namespace
Security researchers have attributed a coordinated software supply chain attack to a threat cluster tracked as Miasma (also Shai Hulud), which compromised over 100 packages across npm and PyPI by stealing publisher credentials and injecting malicious code. The campaign reached the official Red Hat npm namespace, exposing organisations that rely on internal package mirror strategies as a security control.
DBIR 2026 Identity Chapter: Credential Theft Remains Dominant, MFA Bypass Techniques Accelerating
The identity and credential findings from Verizon's 2026 DBIR show that stolen credentials remain the most common enabler of breaches across all sectors, used in 44% of analysed incidents. More troubling: the DBIR documents a significant increase in MFA bypass techniques — adversary-in-the-middle phishing toolkits, SIM swapping, and push notification fatigue attacks that defeat MFA as commonly deployed.
TeamPCP 'Mini Shai-Hulud': Inside the Developer Toolchain Attack Campaign Now on CISA KEV
TeamPCP's simultaneous compromise of three developer toolchain components — a code-signed installer, an npm package, and a VS Code extension — follows a refined methodology the group has been developing across multiple 2026 campaigns. The technical approach explains why these attacks reach environments that are otherwise well-defended.
OpenAI Confirms Developer Devices Breached via TanStack Supply Chain Attack — Code-Signing Certificates Rotated
OpenAI confirmed that two developer devices were compromised as a result of the TanStack npm supply chain attack disclosed on 12 May, with malicious postinstall hooks executing on machines running npm install within the six-minute poisoning window. OpenAI rotated all affected code-signing certificates and npm tokens and is investigating whether any internal packages published using the compromised credentials were delivered downstream.
MicroStealer Infostealer Targets Education and Telecom via Discord Webhook Exfiltration
ANY.RUN analysts have documented MicroStealer, an infostealer active since December 2025 that specifically targets education and telecommunications sector organisations. MicroStealer uses multi-stage delivery, harvests browser credentials, session tokens, cryptocurrency wallets, and screenshots, and exfiltrates data exclusively via Discord webhooks — making it invisible to traditional network monitoring that blocks dedicated C2 domains. Detection rates on VirusTotal remain low.
Calendly-Themed AiTM Phishing Kits Rise with Real-Time Socket.IO and Telegram Exfiltration
urlscan.io researchers have documented a surge in phishing kits impersonating Calendly booking pages, used as a step in multi-stage AiTM credential theft chains targeting enterprise users. The kits use real-time Socket.IO connections for live victim monitoring, fake CAPTCHA challenges for victim fingerprinting, and Telegram bot webhooks for credential exfiltration — a combination that makes the attack infrastructure highly operationally efficient while appearing to originate from legitimate Calendly sessions.
Fake OpenAI Repository on Hugging Face Reached #1 Trending, Delivered Rust Infostealer to 244,000 Users
A malicious repository impersonating an official OpenAI project reached the top trending position on Hugging Face before being removed — delivering a Rust-compiled infostealer to an estimated 244,000 users who executed the repository's loader script. The attack exploited Hugging Face's trending algorithm and the high trust developers place in repositories attributed to the OpenAI organisation. Affected users should rotate all credentials accessible from the compromised machine.
JDownloader Official Download Site Hijacked to Serve Python RAT in Supply Chain Attack
The official JDownloader download site was compromised during a window of approximately 18 hours between 6 and 7 May 2026, with legitimate installer downloads replaced by a trojanised package delivering a Python-based remote access trojan. JDownloader is a popular open-source download manager with millions of users. Users who installed JDownloader during the compromise window should treat their system as compromised and perform immediate credential rotation and system remediation.
QLNX Linux RAT Harvests Developer Credentials to Enable Malicious Package Publishing on npm and PyPI
Trend Micro researchers have identified QLNX (Quasar Linux), a Linux-targeting remote access trojan specifically designed to harvest developer credentials — npm tokens, PyPI upload credentials, AWS IAM keys, Docker registry credentials, and GitHub CLI tokens — from developer workstations. The harvested credentials are then used to publish malicious packages to npm and PyPI under the compromised developer's identity, enabling second-stage supply chain attacks against the developer's downstream users.
TCLBanker Banking Trojan Spreads via WhatsApp and Outlook Worm Modules, Targets 59 Financial Platforms
Elastic Security has identified TCLBanker (tracked as REF3076 / Water Saci), an evolution of the Maverick banking trojan family, deploying worm modules that spread via WhatsApp message injection and Outlook email campaigns from infected machines. TCLBanker targets users of 59 financial platforms including online banking, cryptocurrency exchanges, and payment services. The malware uses DLL side-loading via legitimate Logitech software and employs anti-analysis watchdog processes to resist removal.
MacSync Stealer Delivered via Malicious Google Ad Targeting macOS Homebrew Users
A macOS infostealer tracked as MacSync has been distributed through a malicious Google search advertisement impersonating the Homebrew package manager — a tool used by virtually all macOS developers. The campaign harvests browser credentials, session tokens, macOS keychain data, and cryptocurrency wallet files from developer machines. macOS users who installed Homebrew via a Google search in the past 30 days should verify their installation source.
DEEP#DOOR: Python Backdoor Abuses Cloudflare Tunnels to Bypass Network Detection and Exfiltrate Credentials
Securonix researchers have disclosed DEEP#DOOR, a Python-based backdoor framework that routes command-and-control traffic through legitimate Cloudflare Tunnel infrastructure to evade network security controls. The malware establishes persistence via multiple mechanisms, disables Windows security features at installation, and specifically targets browser-stored passwords, session tokens, and cloud provider credentials.
PyTorch Lightning PyPI Package Compromised — Credential-Stealing Payload Delivered to AI/ML Development Environments
PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI were found to contain a credential-stealing postinstall payload, extending the Mini Shai-Hulud supply chain campaign that previously compromised SAP's official npm packages. Organisations running AI/ML workloads should audit Python environments and rotate any credentials stored on affected development or CI/CD systems.
Official SAP npm Packages Compromised to Steal Enterprise Developer Credentials
Threat actors compromised official SAP npm packages to insert credential-harvesting code targeting enterprise developers working on SAP integration projects. The malicious packages exfiltrate environment variables, SSH keys, and cloud credentials from developer workstations. Enterprise teams using SAP npm packages in their CI/CD pipelines should audit package integrity and rotate potentially exposed credentials.
CanisterSprawl: Self-Propagating npm Worm Steals Developer Credentials and Re-Infects Package Ecosystems
Researchers discovered CanisterSprawl, a self-propagating npm supply chain worm attributed to TeamPCP that compromised at least 16 packages including pgserve and @automagik/genie. A postinstall hook harvests npm tokens, cloud credentials, SSH keys, and AI tool configs, exfiltrating to a blockchain canister before using stolen tokens to inject the worm into every other package owned by the compromised developer. Organisations should audit postinstall scripts and rotate all credentials from affected development environments.
TeamPCP Supply Chain Campaign Expands to npm and Docker Hub — Bitwarden CLI and Checkmarx KICS Both Backdoored
The TeamPCP supply chain threat group has extended its campaign beyond GitHub Actions and PyPI to poison the @bitwarden/cli npm package and overwrite Checkmarx KICS Docker images and VS Code extensions. The campaign now spans four developer distribution channels across six weeks, deploying a self-propagating worm that exfiltrates SSH keys, cloud credentials, and MCP configuration files from compromised developer environments.
Payouts King Ransomware Deploys Hidden QEMU VMs to Blind Endpoint Security — New EDR Evasion Technique
The Payouts King ransomware operation, linked to former BlackBasta affiliates, has introduced a novel EDR bypass: deploying a legitimate QEMU virtual machine running Alpine Linux on compromised Windows hosts. Because endpoint security agents cannot inspect inside the VM, attackers operate the full intrusion — credential theft, lateral movement, and data exfiltration — completely invisible to host-level detection.
Microsoft Closes APT29's Favourite Phishing Door With New RDP File Protections
The April 2026 Windows update introduces mandatory security warnings and redirections-blocked-by-default for RDP connection files, directly countering the technique used by APT29 and other threat actors to silently redirect local drives and harvest credentials. Organisations using Windows 10 and 11 should confirm the KB is deployed.
FBI and Indonesian Police Dismantle W3LL Phishing Platform Behind $20M in MFA-Bypass Fraud
The FBI Atlanta Field Office and Indonesia's National Police have dismantled the W3LL phishing-as-a-service platform, arresting its alleged developer and seizing domains used in a global credential-theft and MFA-bypass operation. W3LL targeted over 17,000 victims in Microsoft 365 environments, capturing not just passwords but session tokens that allowed attackers to bypass multi-factor authentication.
TeamPCP Backdoors LiteLLM on PyPI — AI Gateway Package With 3 Million Daily Downloads Compromised
The LiteLLM Python package — a widely-deployed AI gateway library with three million daily downloads — was backdoored on PyPI on 24 March by threat actor TeamPCP. Malicious versions 1.82.7 and 1.82.8 deployed a three-stage payload stealing cloud credentials, Kubernetes secrets, and CI/CD tokens from any system that installed the package during a 40-minute window.
React2Shell CVE-2025-55182: China-Nexus Groups Exploit Max-Severity Next.js Flaw Across 30+ Organisations
CVE-2025-55182 (React2Shell), a maximum-severity unauthenticated remote code execution vulnerability in React Server Components and Next.js, is being actively exploited by China-state-affiliated threat groups and financially motivated actors simultaneously. Palo Alto Networks has confirmed over 30 organisations breached and 77,000 internet-exposed vulnerable instances, with attackers systematically harvesting AWS credentials, database connection strings, and SSH keys from compromised web infrastructure.
Trivy Security Scanner Hijacked — 75 GitHub Action Tags Redirected to Credential Stealer
The widely-used Aqua Security Trivy vulnerability scanner was compromised in a supply chain attack that replaced 75 version tags in the official trivy-action and setup-trivy GitHub Actions with credential-stealing malware. Threat actor TeamPCP leveraged non-atomic secret rotation to retain access after an initial February compromise, launching a second attack wave on 19 March. Any CI/CD pipeline that ran trivy-action or setup-trivy during the compromise window may have had cloud credentials, API tokens, and SSH keys exfiltrated.
Ivanti EPM Authentication Bypass CVE-2026-1603 Exploited — Federal Patch Deadline Today
CISA added CVE-2026-1603, an authentication bypass in Ivanti Endpoint Manager, to the Known Exploited Vulnerabilities catalogue on 9 March with a federal agency patch deadline of 23 March. The flaw allows unauthenticated attackers to bypass authentication entirely and steal Domain Administrator password hashes and service account credentials from EPM's credential vault.