For the 2nd time in weeks, #Microsoft packages laced with #credential stealer

Dozens of #cryptographically verified #opensource packages from Microsoft were #compromised late last week to add advanced credential-stealing code that was triggered when #developers opened them in #AI coding #agents.

In all, multiple researchers said, 73 packages were flagged as #malicious when automated systems on #GitHub blocked them on the platform. Rather than noting they are malicious—and that developers who used #AIagents to work with them should assume their systems are compromised—the Microsoft-owned GitHub said it disabled the packages “due to a violation of GitHub's terms of service.” The text went on to encourage the package owner to contact GitHub.
#security

https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer/

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealingcampaign - https://www.redpacketsecurity.com/preinstall-to-persistence-inside-the-red-hat-npm-miasma-credential-stealingcampaign/

#threatintel
#npm-supply-chain
#credential-theft
#Miasma
#supply-chain-security
#redhat-cloud-services

Typosquatted npm packages used to steal cloud and CI/CD secrets - https://www.redpacketsecurity.com/typosquatted-npm-packages-used-to-steal-cloud-and-ci-cd-secrets/

#threatintel
#typosquatting
#npm
#supply-chain-attack
#cloud-security
#credential-theft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5and Confluence - https://www.redpacketsecurity.com/from-edge-appliance-to-enterprise-compromise-multi-stage-linux-intrusion-via-f5and-confluence/

#threatintel
#edge-appliances
#linux-intrusion
#confluence
#credential-relay
#mitre-attack-techniques

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft - https://www.redpacketsecurity.com/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/

#threatintel
#antv
#npm-supply-chain
#github-actions
#credential-theft
#supply-chain-security

Undermining the trust boundary: Investigating a stealthy intrusion throughthird-party compromise - https://www.redpacketsecurity.com/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-throughthird-party-compromise/

#threatintel
#trusted-relationships
#third-party-risk
#credential-theft
#persistence
#intrusion-detection

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTMtoken compromise - https://www.redpacketsecurity.com/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitmtoken-compromise/

#threatintel
#aiTM-phishing
#credential-theft
#phishing-attack
#adversary-in-the-middle
#cybersecurity-awareness

Containing a domain compromise: How predictive shielding shut down lateralmovement - https://www.redpacketsecurity.com/containing-a-domain-compromise-how-predictive-shielding-shut-down-lateralmovement/

#threatintel
#Predictive Shielding
#Domain Compromise
#Credential-Based Attacks
#Active Directory Security
#Incident Response

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise - https://www.redpacketsecurity.com/dissecting-sapphire-sleet-s-macos-intrusion-from-lure-to-compromise/

#threatintel
#sapphire-sleet
#macos
#social-engineering
#credential-harvest
#exfiltration

Thousands of consumer #routers hacked by Russia's #military

The Russian military is once again #hacking home and small office routers in widespread operations that send unwitting users to sites that harvest #passwords and #credential tokens for use in #espionage campaigns, researchers said Tuesday.
#russia #security #privacy #gru

https://arstechnica.com/security/2026/04/russias-military-hacks-thousands-of-consumer-routers-to-steal-credentials/