Token Theft

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

• Malware

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

Ddos May 21, 2026 0

A massive, fast-moving software supply chain attack has struck the global JavaScript development ecosystem. Over the past...

Read More Read more about Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens

• Vulnerability Report

Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens

Ddos May 21, 2026 0

Coder, the prominent self-hosted platform used by enterprises to build cloud development environments and manage AI coding...

Read More Read more about Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens

Keycloak Under Siege: Patch Now to Stop Token Theft and Account Takeovers

• Vulnerability Report

Keycloak Under Siege: Patch Now to Stop Token Theft and Account Takeovers

Ddos April 6, 2026 0

The popular open-source identity and access management solution Keycloak has released a critical security update, version 26.5.7,...

Read More Read more about Keycloak Under Siege: Patch Now to Stop Token Theft and Account Takeovers

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

• Vulnerability Report

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

Ddos February 11, 2026 0

GitLab has released a sweeping security update for its Community (CE) and Enterprise (EE) editions, patching a...

Read More Read more about GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts

• Cybercriminals

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts

Ddos December 22, 2025 0

Cybercriminals have found a new way to turn corporate security protocols against themselves, weaponizing a legitimate Microsoft...

Read More Read more about Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security

• Vulnerability

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security

Ddos July 29, 2025 0

ASUS has issued security updates to patch two vulnerabilities in its MyASUS software, a pre-installed utility application...

Read More Read more about Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security

Toptal GitHub Organization Compromised: Malicious npm Packages Steal Tokens & Wipe Systems

• Malware

Toptal GitHub Organization Compromised: Malicious npm Packages Steal Tokens & Wipe Systems

Ddos July 25, 2025 0

Socket’s Threat Research Team has discovered that at least 10 malicious packages were published to npm from...

Read More Read more about Toptal GitHub Organization Compromised: Malicious npm Packages Steal Tokens & Wipe Systems

Malicious PyPI Package Targets Discord Developers with Token Theft and Backdoor Exploit

• Malware

Malicious PyPI Package Targets Discord Developers with Token Theft and Backdoor Exploit

Ddos January 19, 2025 0

The Socket research team has identified a malicious Python package on PyPI named pycord-self, targeting developers working...

Read More Read more about Malicious PyPI Package Targets Discord Developers with Token Theft and Backdoor Exploit