Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsStudyTraining
ProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Study
Training
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1310+ Articles
157+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
32 articles

#Credential Theft

All CosmicBytez Labs articles tagged #Credential Theft, across news, security advisories, how-to guides, and projects.

  • NewsJun 1, 2026

    Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

    A new Mini Shai-Hulud supply chain campaign codenamed Miasma has compromised Red Hat's @redhat-cloud-services npm packages, deploying a self-propagating credential-stealing worm that targets developer machines and CI/CD secrets.

  • SecurityMay 27, 2026

    CVE-2026-48027: Nx Console Embedded Malicious Code — CISA KEV

    CISA adds CVE-2026-48027 to KEV after a malicious Nx Console VS Code extension was found harvesting credentials from disk and memory via obfuscation.

  • NewsMay 23, 2026

    Italy Disrupts CINEMAGOAL Piracy App That Stole Streaming

    Italian authorities have dismantled the CINEMAGOAL piracy ecosystem after the app was found to have been stealing authentication codes from streaming...

  • NewsMay 23, 2026

    Laravel-Lang PHP Packages Compromised to Deliver

    Multiple PHP packages belonging to the Laravel-Lang organization have been poisoned in a software supply chain attack, delivering a cross-platform...

  • NewsMay 20, 2026

    Ukraine Identifies Infostealer Operator Tied to 28,000

    Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...

  • NewsMay 19, 2026

    Popular GitHub Action Tags Redirected to Imposter Commit to

    Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...

  • NewsMay 17, 2026

    Inside the REMUS Infostealer: Session Theft, MaaS, and

    A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...

  • NewsMay 12, 2026

    Worm Redux: Fresh Mini Shai-Hulud Infections Bite npm

    Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...

  • NewsMay 10, 2026

    Quasar Linux RAT Steals Developer Credentials for Software

    A newly discovered Linux implant called Quasar Linux RAT (QLNX) is silently targeting software developers to harvest credentials, log keystrokes, and...

  • NewsMay 1, 2026

    1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, and

    The TeamPCP threat group's Mini Shai-Hulud supply chain campaign compromised SAP-related npm packages along with PyTorch Lightning and Intercom client...

  • NewsMay 1, 2026

    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for

    A new supply chain attack campaign dubbed BufferZoneCorp has been observed using sleeper packages in RubyGems and Go module registries to push...

  • NewsApr 30, 2026

    PyTorch Lightning and Intercom-client Hit in Supply Chain

    Threat actors compromised the popular Python PyPI package 'Lightning' — used for PyTorch model training — pushing malicious versions 2.6.2 and onward to...

  • NewsApr 29, 2026

    SAP-Related npm Packages Compromised in Credential-Stealing

    Security researchers have uncovered a coordinated supply chain attack campaign dubbed 'mini Shai-H' targeting SAP-related npm packages, injecting...

  • NewsApr 21, 2026

    Cloud Platform Vercel Says Company Breached Through

    Vercel has confirmed a security breach in which limited customer credentials were exposed after an employee's workstation was compromised through malware...

  • NewsApr 21, 2026

    No Exploit Needed: How Attackers Walk Through the Front

    Stolen credentials remain the dominant initial access vector in 2026 — no zero-days, no malware, just valid logins that blend in with normal activity...

  • NewsApr 19, 2026

    Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

    Following law enforcement disruption of the Tycoon 2FA platform, threat actors are reusing its tools and techniques across a wave of new phishing kits,...

  • NewsApr 11, 2026

    Your Next Breach Will Look Like Business as Usual

    Credential-based attacks now dominate the threat landscape, and traditional detection models are failing. Here are the fundamental shifts cybersecurity...

  • SecurityApr 11, 2026

    CVE-2026-5412: Juju Controller Facade Allows Low-Privilege

    An authorization flaw in Juju's Controller facade allows any authenticated low-privilege user to call the CloudSpec API and extract the cloud provider...

  • NewsApr 9, 2026

    Cryptocurrency ATM Giant Bitcoin Depot Reports $3.6 Million

    Bitcoin Depot, one of North America's largest Bitcoin ATM operators, has filed an SEC disclosure revealing a cyberattack in which threat actors gained...

  • NewsApr 7, 2026

    Authorities Disrupt APT28 Router DNS Hijacks Targeting

    An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...

  • NewsApr 5, 2026

    Hackers Exploit React2Shell in Automated Credential Theft

    Threat actors are running a large-scale, automated campaign exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js applications to steal...

  • NewsApr 4, 2026

    Device Code Phishing Attacks Surge 37x as New Kits Spread

    Device code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have exploded 37-fold in 2026 as ready-made phishing kits proliferate...

  • SecurityApr 4, 2026

    CVE-2026-35560: Amazon Athena ODBC Driver Fails Certificate

    Improper certificate validation in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows man-in-the-middle attackers to intercept authentication...

  • NewsApr 2, 2026

    Claude Code Leak Used to Push Infostealer Malware on GitHub

    Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...

  • NewsApr 2, 2026

    Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts

    A large-scale credential harvesting campaign has been observed exploiting the React2Shell vulnerability (CVE-2025-55182) as an initial infection vector,...

  • NewsMar 31, 2026

    Stolen Logins Are Fueling Everything From Ransomware to

    A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...

  • SecurityMar 30, 2026

    CVE-2026-2370: GitLab Jira Connect Credential Impersonation

    GitLab has patched a high-severity vulnerability in its Jira Connect integration affecting CE/EE versions from 14.3 through 18.10 that allowed an...

  • NewsMar 28, 2026

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides

    The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...

  • NewsMar 25, 2026

    LeakBase Admin Arrested in Russia Over Massive Stolen

    Russian law enforcement has arrested the alleged administrator of LeakBase — a credential marketplace operating since 2021 with 142,000 members and...

  • NewsMar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • NewsMar 12, 2026

    Researchers Disclose Critical n8n Flaws Enabling RCE and

    Security researchers have published details of two newly patched critical vulnerabilities in n8n — CVE-2026-27577 (CVSS 9.4), an expression sandbox escape...

  • NewsFeb 25, 2026

    Diesel Vortex: Russian Cybercrime Ring Steals 1,649

    A Russian-linked phishing operation dubbed Diesel Vortex has stolen over 1,649 credentials from major freight and logistics companies across the US and...