All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Credential threats in April 2026: Supply chain attacks and 28 million exposed secrets

APT28 hijacked 18,000 routers to steal OAuth tokens. Storm-2372 bypassed MFA without touching a password. 28.6 million secrets leaked on GitHub. April 2026's biggest incidents — and what they have in…

Read the full article
1mo agoen

You might also wanna read

Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet Keys

On July 8, 2026, attackers used access to a trusted developer's account to slip a backdoor into a widely used software development kit for t

Step Security·1d ago

GitHub Issue Prompt Injection Leads to 4,000 Developer Machines Compromised via Malicious npm Package

A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent.

grith.ai·4mo ago

317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.

safedep.io·1mo ago

September 2025 NPM supply-chain attack compromises popular JavaScript packages

In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at

projectptixiakis.github.io·1mo ago

Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware

Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers

briefly.co·1mo ago

Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories

A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr

Step Security·1mo ago

Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories

A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr

stepsecurity.io·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.