Skip to main content

Tag: credential exfiltration

5 articles

Office worker's desk with laptop, purchase order, and suspicious files.

PureLogs Infostealer Exploits Purchase Order Phishing Lures

Beware of purchase order phishing scams that can deliver a powerful infostealer, capable of stealing sensitive credentials and cryptocurrency keys, via a simple yet cleverly disguised email with a malicious RAR attachment. Even security software can be fooled, as one campaign was only flagged as a threat after it was already sent.

Analyst 207
A laptop on a simple desk in a corporate office with a blurred background of cubicles and a hint of a coding workspace on…

TanStack Supply Chain Attack Targets OpenAI, Forces macOS Updates

OpenAI sprang into action after detecting a sneaky supply chain attack targeting TanStack, quickly investigating and containing the threat to protect its systems. The attack impacted just two employee devices, with limited internal code repositories and credential material compromised.

Analyst 207
Developer workstation with npm package management software on laptop screen, surrounded by clutter, with cityscape visible…

OpenAI Disrupted in TanStack npm Supply Chain Breach

Malicious packages have rocked the TanStack npm supply chain, with 84 tainted versions of 42 @tanstack/* packages published, drawing OpenAI into the crisis and prompting urgent action to secure its systems. The AI company has confirmed that attackers compromised two employee devices, stealing credentials and forcing a reset across multiple desktop products.

Analyst 207
Cluttered software development workstation with laptop, monitor, and papers in an office environment.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack

OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Analyst 207
Windows laptop on cluttered desk with smartphone nearby, displaying blurred login screen.

CloudZ Malware Exploits Phone Link to Harvest SMS OTPs

Beware of CloudZ malware, a sneaky Windows threat that's been stealing SMS messages and one-time passwords since January 2026 by exploiting Microsoft's Phone Link app. This malicious duo, paired with the Pheno plugin, can capture mobile authentication data without ever touching your smartphone.

Analyst 207