PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware f...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1078 — Valid Accounts (Initial Access)
Clear filter32 articles found
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method.
A Latte Trouble: Starbucks HR Accounts Hit in Credential Theft Incident
Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing emplo...
2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
Recorded Future's 2025 Identity Threat Landscape Report analyzes hundreds of millions of compromised credentials to reveal how infostealer malware is evolvin...
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by a...
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft.
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
Account Compromise Surged 389% in 2025, Says eSentire
An eSentire report showed credential theft accounted for 74% of all observed cyber threats in 2025
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating...
Credential stuffing: What it is and how to protect yourself
Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts