Fake Claude code installers are delivering credential-stealing malware - AI hype is becoming a powerful lure for attackers. Verify before you install. 🤖⚠️ #CredentialTheft #SupplyChainRisk
🔑 Credential Theft Alert: OAuth tokens stolen via SSO redirect attacks
Attackers exploiting OAuth 2.0 redirect URI bypasses to hijack SSO sessions on enterprise cloud platforms. Mandatory MFA alone isn't enough when token injection bridges the gap between auth and session.
Full guide → https://cyber.murati.net
#cybersecurity #infosec #SSO #OAuth #credentialtheft
Malicious NuGet Package Exfiltrates Sicoob Banking Credentials
A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.
#MaliciousNugetPackage #SupplyChainAttack #CredentialTheft #EmergingThreats #Brazil
🚨 New #ClickFix IOC domains observed:
• bigblower[.]click
• ganiballektor[.]cfd
• lenders[.]digital
• pusanik[.]shop
Related research points to exposed / publicly accessible ClickFix infrastructure and operational dashboards tied to ongoing malware delivery and social engineering activity.
Read more: https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/
#ThreatIntel #IOC #CyberSecurity #Infosec #DFIR #SOC #ThreatHunting #OSINT #Malware #Phishing #ClickFix #LummaStealer #DarkGate #CredentialTheft #BlueTeam #CTI #DetectionEngineering #IncidentResponse
Chinese phishing campaigns are using live credential harvesting to capture accounts in real time - faster, stealthier, and harder to stop. Identity is still the primary target. 🎣⚠️ #CredentialTheft #PhishingThreats
https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/
GitHub Breach Exposes 3,800 Repositories via Malicious VS Code Extension
GitHub's security chief confirms that customer data remains safe, with no evidence of impact outside of GitHub's internal repositories. The breach originated from a poisoned VS Code extension installed on a compromised employee device, allowing attackers to steal credentials.
#GithubBreach #MaliciousVsCodeExtension #SupplyChain #EmergingThreats #CredentialTheft
Developer Workstations Expose Software Supply Chain to Credential Theft
In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise…
#CredentialTheft #SupplyChain #CicdPipelines #ApiKeyTheft #CloudCredentials
Avada Builder Flaws Expose WordPress Sites to Credential Theft
A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.
#Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection
TanStack npm packages compromised in cache-poisoning attack
Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.
#SupplyChain #Npm #Tanstack #CachePoisoning #CredentialTheft
Active Directory Breaches Persist After Password Resets
Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.
#ActiveDirectory #CredentialTheft #PasswordManagement #IdentityAndAccessManagement #EntraId