Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers
A credential-stealing malware campaign known as Shai-Hulud has expanded to target developers using the Leo/RStreams npm package ecosystem, harvesting GitHub tokens, cloud access keys, CI/CD secrets, and SSH...
FortiBleed: Over 73,000 Fortinet Firewalls Compromised in Industrial-Scale Cyber Espionage Campaign
An industrial-scale cyber espionage campaign dubbed "FortiBleed" has silently compromised over 73,932 unique Fortinet firewall URLs across 194 countries, targeting Fortune 500 companies, government entities, and a NATO...
Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials
A sophisticated supply chain attack dubbed "Miasma: The Spreading Blight" has backdoored over 30 official @redhat-cloud-services npm packages, deploying credential-stealing malware that targets AWS, Azure, GCP secrets, GitHub...
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously, stealing cloud credentials and 3,800 internal GitHub source...
Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials
A malicious NuGet package named "Sicoob.Sdk" impersonated the official Sicoob banking SDK and silently exfiltrated PFX certificates, private keys, and banking credentials from 484 downloads using Sentry telemetry...
TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI
The TeamPCP threat group has compromised three consecutive versions of Microsoft's official Python DurableTask SDK on PyPI, injecting a worm-like payload that steals multi-cloud credentials from AWS, Azure,...
Russian Hacker Builds Persistent Gemini Jailbreak to Power Influence Campaign, Credential Theft, and Crypto Wallet Draining
A Russian-speaking threat actor tracked as "bandcampro" has been exposed using a persistently jailbroken Google Gemini CLI to power a five-year operation combining AI-generated political disinformation, WordPress credential...
Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz
The automated "Megalodon" attack campaign pushed malicious CI/CD backdoors into 5,561 GitHub repositories within 6 hours on May 18, 2026, harvesting cloud credentials and OIDC tokens. The Tiledesk...