Skip to main content

Tag: credential stealing

5 articles

Disrupted open-source workspace with laptop, notes, and coding materials amidst blurred cityscape background.

Miasma Worm Source Code Leaked, Threatens Open-Source Ecosystem

The Miasma worm's source code leak is a game-changer, putting the entire open-source ecosystem at risk after already infiltrating 73 Microsoft repositories on GitHub. This credential-stealing attack framework operates autonomously, spreading rapidly by infecting developer machines and compromising legitimate repositories.

Analyst 207
Software development workspace with laptop and monitor displaying Git repository interface.

GitHub Tags Exploited to Deploy Credential-Stealing Malware

Malicious actors have manipulated hundreds of GitHub tags to spread credential-stealing malware through popular Laravel Lang localization packages, putting countless users at risk. By rewriting historical tags, attackers tricked Composer installations into downloading the malicious payload.

Analyst 207
Developer workstation with laptop and terminal screens near npm package repository, indicating a software development…

Grafana Breach Exposes Missed Security Step After TanStack Attack

A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Analyst 207
Developer installing software on laptop at cluttered desk with subtle signs of malware in the background.

Node-ipc Package Infected with Credential-Stealing Malware

A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

Analyst 207
Laptop screen displays warning symbol amidst dim cityscape, with distorted padlock and cascading binary code.

CPUID Website Compromised, Serves Malware via HWMonitor Downloads

For six hours, unsuspecting visitors to the CPUID website were put at risk of having their passwords stolen when malicious malware was served in place of the HWMonitor tool they were trying to download. This alarming security breach highlights the vulnerability even trusted sites can have, leaving users to wonder if their sensitive information is safe.

Analyst 207