This page collects WhisperX intelligence signals tagged #credential theft. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
The threat actors behind the recent Trivy supply-chain breach have escalated their campaign, now poisoning the Python Package Index (PyPI) with malicious versions of the Telnyx SDK. This latest attack aims to infect developers' systems with credential-stealing malware, marking a continued and aggressive exploitation of...
Russian state-linked hackers have seized control of thousands of residential home routers worldwide, using them as a covert platform to steal passwords and authentication tokens. The operation, attributed to the group known as Fancy Bear or APT28, represents a significant escalation in cyber espionage tactics, moving b...
For six hours this week, the trusted CPUID website became a trap. Attackers hijacked a portion of its backend infrastructure, transforming legitimate download links for popular system monitoring tools like HWMonitor into a delivery mechanism for malware. Visitors seeking genuine software were instead exposed to a coin ...
The FBI has dismantled a sophisticated phishing operation that successfully compromised thousands of victims worldwide by stealing not just passwords, but also the multi-factor authentication (MFA) codes meant to protect them. This takedown highlights a critical escalation in credential theft, moving beyond simple pass...
Google's security team has uncovered a systematic campaign in which malicious web pages are weaponized to hijack AI agents, directing them to transfer funds, delete files, and transmit credentials to attacker-controlled infrastructure. The findings emerged from a scan of billions of web pages, revealing that threat act...
A critical security flaw in OpenClaw's third-party Skill marketplace allows malicious actors to execute arbitrary shell commands on a user's system during Skill installation — without any sandbox isolation, permission prompt, or code review. The vulnerability, classified as OWASP LLM Top 10: LLM03:2025 (Supply Chain Vu...
A coordinated string of security disclosures has exposed a systemic vulnerability across major AI coding assistants: attackers are consistently bypassing the models themselves and targeting the credentials these tools hold. Over nine months, six research teams documented exploits against Codex, Claude Code, Copilot, an...
A previously undocumented Linux implant dubbed Quasar Linux RAT (QLNX) has been discovered actively targeting developers' systems in what appears to be a calculated campaign against software supply chain infrastructure. The malware establishes a persistent, silent foothold on compromised machines before unleashing a su...
A single chat message is all it takes. CVE-2026-44843, a vulnerability in LangChain's framework, enables attackers to steal credentials and hijack AI application behavior through a malicious payload delivered via chat interface. The flaw resides in LangChain's tracer component, which deserializes untrusted data, granti...
A sprawling supply-chain attack has embedded credential-stealing malware into hundreds of open-source software packages distributed through major registries, security researchers warned. The campaign, dubbed "mini Shai-Hulud," targets development tools with massive user bases, placing malicious code within reach of dev...