The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Hosted on MSN

SAP npm hack steals developer credentials in supply-chain breach

Massive npm compromise: Four widely used SAP npm packages were hijacked with credential-stealing malware, potentially affecting thousands of builds. AI tool manipulation: Attackers embedded ...
Bleeping Computer

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking ...
Bleeping Computer

New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. The malware kit is deployed in ...
The Journal

Report Finds Attackers Now Focus on Credential Theft to Access Systems

Attackers now focus on stealing legitimate credentials (usernames, passwords, tokens and access privileges) to access systems. The Cloudflare Threat Report shows that 4% of login attempts are ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...