Credential threats in April 2026: Supply chain attacks and 28 million exposed secrets
APT28 hijacked 18,000 routers to steal OAuth tokens. Storm-2372 bypassed MFA without touching a password. 28.6 million secrets leaked on GitHub. April 2026's biggest incidents — and what they have in…
Read the full articleYou might also wanna read

Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet Keys
On July 8, 2026, attackers used access to a trusted developer's account to slip a backdoor into a widely used software development kit for t
GitHub Issue Prompt Injection Leads to 4,000 Developer Machines Compromised via Malicious npm Package
A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent.
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at
Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware
Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers
Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr
Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr

Comments
Sign in to join the conversation.
No comments yet. Be the first.