Black & White Path
Apr 28, 2026 · Information Security

Hackers Exploit React2Shell via Telegram Bot, Breaching Over 900 Companies

A publicly exposed server revealed a large‑scale automated attack in which threat actors used the Bissa scanner tool, AI‑assisted code, and hard‑coded Telegram bots to exploit the React2Shell (CVE‑2025‑55182) vulnerability, stealing credentials from more than 900 enterprises and reporting each success in real time.

Automation · Bissa scanner · CVE-2025-55182
7 min read

Black & White Path
Apr 7, 2026 · Information Security

How Attackers Exploit Outlook 365 to Force Capture of NTLM Hashes

Security researchers reveal that by embedding malicious UNC paths in specially crafted Outlook 365 emails or meeting invites, attackers can trigger automatic SMB authentication, steal the victim’s Net‑NTLMv2 hash, and subsequently perform offline cracking or NTLM relay attacks, posing a high‑stealth threat to enterprises.

NTLM · NTLM relay · Outlook 365
5 min read

21CTO
Mar 25, 2026 · Information Security

How a Supply‑Chain Attack Compromised LiteLLM and Stole Every Credential

A supply‑chain breach of the popular LiteLLM Python library injected malicious .pth files that silently harvest SSH keys, cloud credentials, and other secrets, deploy persistent backdoors, and spread through downstream packages, prompting urgent detection and remediation steps for developers.

DevOps Security · LiteLLM · Malware
8 min read

AI Engineering
Mar 25, 2026 · Information Security

LiteLLM Supply‑Chain Attack Exposes API Keys – What the Malicious PyPI Packages Do

The article details how compromised LiteLLM versions 1.82.7 and 1.82.8 on PyPI embed a malicious .pth file that runs on every Python start, harvests credentials, exfiltrates them via an unauthenticated endpoint, and creates Kubernetes pods for lateral movement, then provides detection and remediation steps.

Information Security · Kubernetes · LiteLLM
6 min read

Black & White Path
Mar 21, 2026 · Information Security

GhostClaw/GhostLoader Malware Deep Dive: GitHub Repo and AI Workflow Attacks on macOS

The report details how the GhostClaw/GhostLoader campaign leverages trusted GitHub repositories and AI‑assisted development workflows to deliver a multi‑stage macOS payload that steals credentials, contacts a single C2 domain, and establishes persistence, while providing blue‑team detection and mitigation guidance.

AI workflow · GitHub · Malware
18 min read

Black & White Path
Feb 17, 2026 · Information Security

Malicious Chrome Extensions Disguised as AI Assistants Steal Credentials – The AiFrame Campaign

Over 300,000 users have installed 30 malicious Chrome extensions that pose as AI assistants, stealing account credentials, email content and browsing data; the most popular, Gemini AI Sidebar, had 80,000 installs before removal, and the extensions share a common backend infrastructure.

AI assistants · Chrome extensions · Gmail phishing
5 min read

Ops Development & AI Practice
Sep 2, 2025 · Information Security

How a Tiny XSS Bug in Dev Environments Can Compromise Production Secrets

The article reveals how a seemingly harmless XSS flaw in an internal development platform can be weaponized to steal high‑privilege credentials, pivot across internal services, and ultimately breach production systems, urging teams to treat development environments as critical security frontiers.

Application Security · DevOps Security · Infrastructure
9 min read

DevOps Cloud Academy
Dec 6, 2019 · Information Security

Jenkins Security Threats: Attack Vectors, Exploitation Techniques, and Mitigation Strategies

This article examines how adversaries target Jenkins automation servers, detailing common discovery methods, exploitation techniques such as Java deserialization and mis‑configured authentication, and practical red‑team demonstrations of credential extraction, script‑console abuse, and malicious job creation to illustrate mitigation recommendations.

CI/CD · DevOps · Jenkins
14 min read