Megalodon Malware: GitHub Repo Compromise & Secret Theft
Analysis of the Megalodon malware campaign, which compromised over 5,500 GitHub repositories in six hours to steal developer credentials and sensitive secrets. Learn how
DBIR 2026: Vulnerability Exploitation Now Top Breach Vector
Verizon's 2026 DBIR reveals vulnerability exploitation as the leading breach vector, surpassing credential theft. AI accelerates attacks, patching delays persist, and
Microsoft Edge: Hardening Against Cleartext Password Exposure
Microsoft Edge will no longer load cleartext passwords into memory at startup, mitigating a significant local credential access risk for users.
PCPJack Worm Steals Cloud Credentials, Cleans TeamPCP Access
New PCPJack worm actively targets exposed cloud infrastructure, stealing credentials and removing existing TeamPCP infections. Understand its TTPs and mitigation.
Stealthy Quasar Linux (QLNX) Malware Targets Developers
New Quasar Linux (QLNX) malware is infecting developers' Linux systems, utilizing rootkit, backdoor, and credential-stealing techniques. Learn to detect and mitigate.

PyTorch Lightning 2.6.2/2.6.3 Compromise: Credential Theft Via Supply Chain
Threat actors injected malicious code into PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI, enabling credential theft via a supply chain attack. Urgent action
TeamPCP Supply Chain: Checkmarx KICS, Bitwarden CLI, xinference PyPI Attacks
TeamPCP resumes supply chain attacks with new compromises targeting Checkmarx KICS, Bitwarden CLI, and xinference PyPI. UNC6780 credential theft campaign continues.
UNC6783 Leverages BPOs to Steal Corporate Zendesk Tickets
New threat actor UNC6783 targets Business Process Outsourcing (BPO) providers to gain access to client Zendesk support tickets, risking sensitive data.
Routine Access Powers Intrusions: VPNs & RMM Tools Abused
Blackpoint Cyber's report reveals modern intrusions leverage routine access via compromised credentials, VPN abuse, RMM tools, and social engineering, not exploits.

DeepLoad Malware Leverages AI for Evasion and Credential Theft
DeepLoad, an AI-powered malware, uses massive junk code to evade detection while stealing credentials. Learn its TTPs and mitigation strategies.
Bubble Platform Abuse: Credential Phishing Targets Microsoft Accounts
Threat actors are abusing the Bubble no-code platform to host sophisticated phishing campaigns, bypassing traditional detection and targeting Microsoft account

Credential Theft Surge: Understanding Infostealer & AI Social Engineering
Credential theft surged in late 2025, driven by sophisticated infostealer malware and AI-enhanced social engineering. Learn to defend against evolving identity-based