// #developer-credentials

2 articles

More than 400 packages in the Arch Linux User Repository were compromised by an attacker who spoofed trusted maintainer identities to push malicious preinstall scripts. The scripts deploy an ELF infostealer harvesting developer credentials and an optional eBPF rootkit that persists across package removal attempts.

Jun 16, 2026 #supply-chain +5

💻 AppSec

Vercel Confirms Breach via Compromised AI Tool — Developer Environment Variables and Credentials Exposed

Cloud deployment platform Vercel has confirmed a breach traced to a Lumma infostealer infection at Context.ai, a third-party AI tool used by a Vercel employee. Attackers used the stolen Google Workspace OAuth access to reach Vercel's internal environments, exposing environment variables and a limited set of customer credentials. ShinyHunters is claiming responsibility and demanding $2 million for the stolen data.

Apr 20, 2026 #vercel +9

Over 400 Arch Linux AUR Packages Poisoned with eBPF Rootkit in Coordinated Maintainer Compromise

Vercel Confirms Breach via Compromised AI Tool — Developer Environment Variables and Credentials Exposed