Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > Credential Theft
#Credential Theft

Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers

26 June 2026  |  dark6  |  Malware

A credential-stealing malware campaign known as Shai-Hulud has expanded to target developers using the Leo/RStreams npm package ecosystem, harvesting GitHub tokens, cloud access keys, CI/CD secrets, and SSH...

>> read more

FortiBleed: Over 73,000 Fortinet Firewalls Compromised in Industrial-Scale Cyber Espionage Campaign

26 June 2026  |  dark6  |  Cybercrime

An industrial-scale cyber espionage campaign dubbed "FortiBleed" has silently compromised over 73,932 unique Fortinet firewall URLs across 194 countries, targeting Fortune 500 companies, government entities, and a NATO...

>> read more

Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials

2 June 2026  |  dark6  |  Cybercrime

A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing malware that targets AWS, Azure, GCP secrets, GitHub...

>> read more

Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers

1 June 2026  |  dark6  |  Cybercrime

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously, stealing cloud credentials and 3,800 internal GitHub source...

>> read more

Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials

31 May 2026  |  dark6  |  Malware

A malicious NuGet package named "Sicoob.Sdk" impersonated the official Sicoob banking SDK and silently exfiltrated PFX certificates, private keys, and banking credentials from 484 downloads using Sentry telemetry...

>> read more

TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI

27 May 2026  |  dark6  |  Cybercrime

The TeamPCP threat group has compromised three consecutive versions of Microsoft's official Python DurableTask SDK on PyPI, injecting a worm-like payload that steals multi-cloud credentials from AWS, Azure,...

>> read more

Russian Hacker Builds Persistent Gemini Jailbreak to Power Influence Campaign, Credential Theft, and Crypto Wallet Draining

26 May 2026  |  dark6  |  Cybercrime

A Russian-speaking threat actor tracked as "bandcampro" has been exposed using a persistently jailbroken Google Gemini CLI to power a five-year operation combining AI-generated political disinformation, WordPress credential...

>> read more

Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz

25 May 2026  |  dark6  |  Malware

The automated "Megalodon" attack campaign pushed malicious CI/CD backdoors into 5,561 GitHub repositories within 6 hours on May 18, 2026, harvesting cloud credentials and OIDC tokens. The Tiledesk...

>> read more