Credential Theft
The latest Credential Theft coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Disabled Over 70 Open-Source Repositories After AI-Generated Credential Malware Discovery
Microsoft and GitHub have temporarily taken down more than 70 open-source repositories linked to Microsoft after security researchers discovered that attackers exploited AI coding tools to inject...
Miasma worm exploited AI agents to hijack 73 Microsoft repos via GitHub on June 5, 2026.
A new class of software supply chain attack has emerged, exploiting the very AI coding agents developers rely on to boost productivity. Dubbed the Miasma worm, this campaign—first observed in early...
GitHub Disables 73 Microsoft Repos After Malicious Commit via 'Miasma' AI Workspace
GitHub has taken the unprecedented step of disabling 73 repositories belonging to Microsoft after a malicious commit was detected in the Azure/durabletask repository on June 5, 2026. The commit was...
HPE Ops Tools Weaponized in Third-Party Breach to Steal Credentials
Microsoft Incident Response revealed on May 12, 2026, that attackers compromised a third-party IT services provider and used the provider's legitimate HPE Operations Manager and HPE Operations Agent...
Sapphire Sleet macOS Campaign Exploits Trust via Fake Updates, AppleScript & TCC Theft
Microsoft's latest threat intelligence report reveals a sophisticated macOS intrusion campaign by the North Korean threat actor Sapphire Sleet that bypasses traditional security models by exploiting...
Fake Windows Update MSI installers bypass security alerts to steal passwords and crypto wallets.
A sophisticated fake Windows Update campaign is distributing malware through malicious MSI installers that steal passwords, browser sessions, and cryptocurrency wallets. Security researchers have...
Bubble.io Phishing Campaign Targets Microsoft 365 Users: How No-Code Platforms Become Attack Vectors
Cybercriminals have weaponized Bubble.io, a legitimate no-code app development platform, to create convincing phishing pages that steal Microsoft 365 credentials. This attack vector represents a...
IBM Report: 300K ChatGPT Credentials Stolen - Enterprise Security Crisis
A staggering 300,000 ChatGPT credentials were exposed through infostealer malware in 2023, according to IBM's X-Force threat intelligence division, revealing a critical vulnerability in how...
Fake Windows 11 Updates in Facebook Ads Steal Passwords & Crypto: How to Stay Safe
A sophisticated malvertising campaign is exploiting Facebook's advertising platform to distribute fake Windows 11 updates, leading to credential theft and cryptocurrency wallet drainers. Security...
SolarWinds WHD Exploit Chain Exposed: How Attackers Stole High-Privilege Credentials
Microsoft security researchers have uncovered a sophisticated attack chain where threat actors exploited exposed SolarWinds Web Help Desk (WHD) instances in December, using them as initial beachheads...
Shai-Hulud 2.0 NPM Worm Threatens Windows Devs: Microsoft Issues Emergency Alert
Microsoft and U.S. cybersecurity authorities have issued an urgent warning about a sophisticated, self-replicating supply chain worm targeting the npm ecosystem, now being widely referred to as...
Keeper launches kernel memory shield against Windows in-memory credential theft
Keeper Security has launched Forcefield, a groundbreaking kernel-level memory protection technology designed specifically to combat the escalating threat of in-memory credential theft on Windows...