This page collects WhisperX intelligence signals tagged #credential-theft. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious version of Trivy (v0.69.4) and executed a sweeping hijack of the project's version history. The attacker forc...
A critical Server-Side Request Forgery (SSRF) vulnerability in Kyverno's APICall feature allows users with Policy creation permissions to pivot from low-privilege namespace access into high-value internal targets, effectively dismantling tenant isolation in shared Kubernetes clusters. Tracked as GHSA-fmqp-4wfc-w3v7 and...
Security researchers have identified a new credential-stealing worm framework, designated PCPJack, which demonstrates an unusual dual-function capability: removing rival malware infections while simultaneously harvesting sensitive authentication data from cloud infrastructure. The malicious framework specifically targ...
Security researchers at Elastic Security Labs have flagged a newly documented Brazilian banking trojan, tracked as TCLBANKER (REF3076), capable of targeting 59 banking, fintech, and cryptocurrency platforms. The malware represents what analysts describe as a major evolution of the Maverick trojan, incorporating sophist...
Security researchers have uncovered a large-scale phishing operation that exploited Google infrastructure to compromise more than 30,000 Facebook accounts, according to findings published by Guard.io's threat intelligence team. The campaign, dubbed "AccountDumpling," leveraged compromised Facebook business accounts to ...
A sophisticated supply-chain attack campaign dubbed "Shai-Hulud" has compromised hundreds of packages across the npm and PyPI package registries, distributing credential-stealing malware directly into developer environments. The campaign represents a calculated targeting of the software development ecosystem, exploitin...
A sophisticated supply chain attack campaign has compromised 172 npm and PyPI packages since May 11, embedding a credential-harvesting worm that survives package removal on affected development workstations. Security researchers warn that any environment that installed or imported these packages should be treated as co...
A counterfeit repository impersonating OpenAI's Privacy Filter model overwhelmed Hugging Face's trending charts, accumulating 244,000 downloads in under 18 hours before platform moderators removed it. Security researchers who examined the malicious clone discovered it was designed to harvest user credentials, exploitin...
Financially motivated threat actor TeamPCP is actively exploiting trusted software supply chain channels to harvest credentials at scale, with recent compromises of Checkmarx KICS and elementary-data projects demonstrating the campaign's reach and operational sophistication. The attack chain leverages CI/CD infrastruc...