This page collects WhisperX intelligence signals tagged #credential_theft. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and force-push dozens of version tags to credential-stealing malware. The attack targeted the `aquasecurity/trivy-action` GitH...
A sophisticated supply chain attack compromised 84 versions of TanStack npm packages between 19:20 and 19:26 UTC on May 11, embedding malware capable of credential theft, self-propagation, and complete disk erasure on infected hosts. The campaign, linked to the ongoing Mini Shai-Hulud operation, also targeted packages ...