Credential-Theft
CVE-2026-8451: A New CitrixBleed-Pattern Memory Overread Is Already Under Active Exploitation
Citrix patched CVE-2026-8451, a pre-auth memory overread in NetScaler's SAML IdP parser that leaks session tokens — and attackers were already exploiting it within 24 hours of disclosure.
DuneSlide: Zero-Click Prompt Injection Chains to Full RCE in Cursor IDE (CVE-2026-50548, CVE-2026-50549)
Two critical Cursor IDE flaws, dubbed DuneSlide, let a poisoned MCP response or web search result steer the agent's own sandbox into overwriting its enforcement binary — zero-click prompt injection to unsandboxed remote code execution, patched in Cursor 3.0.
GuardFall: Decades-Old Bash Quoting Tricks Defeat Safety Guards in 10 of 11 Open-Source AI Coding Agents
Adversa AI's GuardFall research shows that quote removal, $IFS spacing, command substitution, and other decades-old shell tricks bypass the command guards in opencode, Goose, Cline, Aider, and seven other open-source AI coding agents — turning a poisoned README into silent credential theft.
Your Backup Server Is a Domain-Admin Factory: The Kill Chain Ransomware Operators Have Automated
The backup server is the highest-privilege machine in most environments and the least-hardened. Ransomware operators have known this for years and built repeatable kill chains around it. This is how they work and what it takes to stop them.
OptinMonster CDN Supply-Chain Attack: Tampered SDK Backdoors WordPress Admins
Attackers stole an Awesome Motive CDN key and laced the OptinMonster, TrustPulse, and PushEngage SDKs with code that creates rogue admins and plants a web shell — on up to 1.2M fully-patched sites.
Velvet Ant's Operation Highland: A China-Nexus APT Backdoored the Linux Auth Stack for a Decade
Sygnia's Operation Highland report details how the China-nexus group Velvet Ant hid in an isolated network for nearly a decade by backdooring pam_unix.so and OpenSSH binaries — no exploit, no dropped malware, no anomalous logs.
Red Hat Cloud Services npm Packages Hijacked in 'Miasma' Shai-Hulud Worm
A Mini Shai-Hulud wave dubbed 'Miasma' poisoned ~30 @redhat-cloud-services npm packages on June 1 via a compromised CI/CD pipeline, dropping a Bun-based credential stealer with a destructive dead-man switch.
codexui-android: npm Package Silently Exfiltrated OpenAI Codex Auth Tokens for a Month
A 29K-weekly-download npm package advertised as a remote web UI for OpenAI Codex has been quietly exfiltrating ~/.codex/auth.json — including non-expiring refresh tokens — to a fake Sentry endpoint since v0.1.82.
Malicious NuGet Package Impersonates Sicoob Banking SDK, Exfiltrates mTLS Certificates Through Sentry
A trojanized NuGet package posing as the official Sicoob C# SDK reads PFX certificates off disk and ships them, plus the password, to an attacker-controlled Sentry endpoint — abusing a trusted telemetry service as its exfiltration channel.
TrapDoor: Cross-Ecosystem Supply Chain Attack Plants Credential Stealers and AI-Assistant Backdoors
A coordinated campaign across npm, PyPI, and Crates.io seeded 34+ malicious packages that steal developer secrets and plant hidden instructions to weaponize AI coding assistants.
Megalodon: 5,561 GitHub Repos Backdoored With Malicious CI/CD Workflows in Six Hours
An automated campaign tied to TeamPCP pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window, planting CI/CD workflows that exfiltrate cloud credentials and OIDC tokens at scale.
Laravel-Lang Supply Chain Attack: 233 Package Versions Backdoored to Steal Cloud and CI/CD Secrets
Attackers repointed git tags across four Laravel-Lang Composer packages to a malicious fork, backdooring 233 versions with a credential stealer that drains cloud, CI/CD, and developer secrets.
actions-cool/issues-helper Compromised: Every Tag Repointed to a Credential-Stealing Imposter Commit
An attacker repointed all 53 tags of the popular actions-cool/issues-helper GitHub Action to a single imposter commit that scrapes live CI/CD secrets out of runner process memory.
RubyGems Disables New Signups After Hundreds of Malicious Packages Target Registry Staff
RubyGems froze new account registration after an attacker uploaded hundreds of malicious gems on May 11-12 specifically targeting RubyGems engineers, with XSS payloads and credential-stealing exploits embedded in the packages.
QLNX: A Stealthy Linux RAT Built To Rob Developer Workstations And Seed The Next Supply Chain Attack
Trend Micro disclosed QLNX, a previously undocumented Linux RAT engineered to harvest developer and CI credentials so operators can trojanize npm, PyPI, Docker Hub, and Kubernetes pipelines downstream.
DEEP#DOOR: Python Backdoor Hides C2 Behind bore.pub Tunneling Service to Steal Cloud and Browser Credentials
Securonix details DEEP#DOOR, a Python backdoor that uses the public bore.pub TCP tunneling service for C2, disables Defender/SmartScreen via a batch loader, and harvests browser-stored cloud credentials from compromised hosts.
Mini Shai-Hulud: SAP, Intercom, and PyTorch Lightning Hit by Bun-Based Stealer in 48-Hour TeamPCP Cascade
TeamPCP's Mini Shai-Hulud campaign poisoned SAP CAP, Intercom, and PyTorch Lightning packages on April 29-30 with a Bun-runtime credential stealer that scrapes secrets directly from CI runner memory.
LiteLLM CVE-2026-42208: Pre-Auth SQLi in the AI Gateway, Exploited 36 Hours After Disclosure
A pre-authentication SQL injection in LiteLLM's auth path (CVSS 9.3) lets an unauthenticated attacker read and modify the proxy database — including upstream OpenAI and Anthropic API keys. First exploitation hit 36 hours after the advisory.
CanisterSprawl: Self-Propagating npm Worm Hits pgserve, Spreads to PyPI, Exfils to ICP Canister
Malicious pgserve, automagik, xinference, and kube-health releases drop a 1,143-line postinstall stealer that re-publishes itself using stolen npm tokens and exfiltrates to a decentralized ICP canister.
Marimo CVE-2026-39987: Pre-Auth RCE Exploited Within 10 Hours of Disclosure
A missing authentication check on Marimo's terminal WebSocket endpoint (CVE-2026-39987, CVSS 9.3) gave attackers a root shell with no credentials required — and they were actively exploiting it less than 10 hours after the advisory dropped.