Malicious NuGet Package Exfiltrates Sicoob Banking Credentials

A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.

https://osintsights.com/malicious-nuget-package-exfiltrates-sicoob-banking-credentials?utm_source=mastodon&utm_medium=social

#MaliciousNugetPackage #SupplyChainAttack #CredentialTheft #EmergingThreats #Brazil

Learn how malicious NuGet package Sicoob.Sdk steals banking credentials. Discover the risks and take action to secure your development process now effectively.

OSINTSights

🚨 New #ClickFix IOC domains observed:

• bigblower[.]click
• ganiballektor[.]cfd
• lenders[.]digital
• pusanik[.]shop

Related research points to exposed / publicly accessible ClickFix infrastructure and operational dashboards tied to ongoing malware delivery and social engineering activity.

Read more: https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/

#ThreatIntel #IOC #CyberSecurity #Infosec #DFIR #SOC #ThreatHunting #OSINT #Malware #Phishing #ClickFix #LummaStealer #DarkGate #CredentialTheft #BlueTeam #CTI #DetectionEngineering #IncidentResponse

How I Get Access ClickFix Dashboard Due to Bad SecOps

Discover how weak SecOps practices exposed a ClickFix admin dashboard. This cybersecurity case study covers reconnaissance techniques, security misconfigurations and key lessons learned.

Jonias Fortuna

Chinese phishing campaigns are using live credential harvesting to capture accounts in real time - faster, stealthier, and harder to stop. Identity is still the primary target. 🎣⚠️ #CredentialTheft #PhishingThreats

https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets.

Infosecurity Magazine

GitHub Breach Exposes 3,800 Repositories via Malicious VS Code Extension

GitHub's security chief confirms that customer data remains safe, with no evidence of impact outside of GitHub's internal repositories. The breach originated from a poisoned VS Code extension installed on a compromised employee device, allowing attackers to steal credentials.

https://osintsights.com/github-breach-exposes-3800-repositories-via-malicious-vs-code-extension?utm_source=mastodon&utm_medium=social

#GithubBreach #MaliciousVsCodeExtension #SupplyChain #EmergingThreats #CredentialTheft

GitHub breach exposes 3,800 repositories via malicious VS Code extension, learn how to protect your code and prevent similar breaches now with expert security tips.

OSINTSights

Developer Workstations Expose Software Supply Chain to Credential Theft

In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise…

https://osintsights.com/developer-workstations-expose-software-supply-chain-to-credential-theft?utm_source=mastodon&utm_medium=social

#CredentialTheft #SupplyChain #CicdPipelines #ApiKeyTheft #CloudCredentials

Protect your software supply chain from credential theft by securing developer workstations and CI/CD pipelines, learn how to prevent API key and cloud credential exposure now.

OSINTSights

Avada Builder Flaws Expose WordPress Sites to Credential Theft

A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

https://osintsights.com/avada-builder-flaws-expose-wordpress-sites-to-credential-theft?utm_source=mastodon&utm_medium=social

#Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection

Protect your WordPress site from credential theft by learning about Avada Builder flaws and taking immediate action to secure your installation now.

OSINTSights

TanStack npm packages compromised in cache-poisoning attack

Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

https://osintsights.com/tanstack-npm-packages-compromised-in-cache-poisoning-attack?utm_source=mastodon&utm_medium=social

#SupplyChain #Npm #Tanstack #CachePoisoning #CredentialTheft

TanStack npm packages hit by cache-poisoning attack, learn how to protect your supply chain now and prevent credential theft.

OSINTSights

Active Directory Breaches Persist After Password Resets

Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.

https://osintsights.com/active-directory-breaches-persist-after-password-resets?utm_source=mastodon&utm_medium=social

#ActiveDirectory #CredentialTheft #PasswordManagement #IdentityAndAccessManagement #EntraId

Close Active Directory password reset gaps to prevent breaches - learn how to secure your environment now and protect against stolen credentials effectively today.

OSINTSights

PCPJack Disrupts TeamPCP's Cloud Footprint with Credential Theft

Meet PCPJack, a sneaky new credential theft framework that's wreaking havoc on TeamPCP's cloud operations by stealing sensitive credentials and clearing out the competition. This malicious tool is quietly moving through cloud environments, leaving a trail of compromised systems in its wake.

https://osintsights.com/pcpjack-disrupts-teampcps-cloud-footprint-with-credential-theft?utm_source=mastodon&utm_medium=social

#CredentialTheft #CloudSecurity #SupplyChain #MalwareOperations #EmergingThreats

Learn how PCPJack disrupts TeamPCP's cloud footprint with credential theft, and take action now to protect your environment from this threat. Read the details today.

OSINTSights

Microsoft Edge Exposes Saved Passwords in Plaintext

Microsoft Edge's password management has a concerning vulnerability: it loads all saved passwords into browser memory in plaintext at startup, making it easier for hackers to steal credentials on compromised systems. This is in stark contrast to other Chromium-based browsers like Google Chrome and Brave, which only decrypt…

https://osintsights.com/microsoft-edge-exposes-saved-passwords-in-plaintext?utm_source=mastodon&utm_medium=social

#BrowserSecurity #CredentialTheft #PlaintextPasswords #MicrosoftEdge #ChromiumbasedBrowsers

Learn how Microsoft Edge exposes saved passwords in plaintext and take action now to secure your browser and protect your credentials effectively today.

OSINTSights