Tag: credential theft

OpenAI said two of its employees were affected by a recent supply‑chain attack that compromised the popular open‑source library TanStack. The breach allowed hackers to insert malicious code into the library, steal limited credential material from internal repositories and briefly expose digital certificates used to sign OpenAI products. The company found no evidence that user data, production systems or intellectual property were compromised and is rotating the certificates, prompting a macOS update. The incident adds to a string of recent attacks on open‑source projects. Leggi di più

OpenClaw, the AI‑driven automation tool that has amassed over 347,000 GitHub stars since its November debut, received emergency patches this week for three high‑severity bugs. The most dangerous, CVE‑2026‑33579, scores between 8.1 and 9.8 out of 10 and lets a low‑level pairing credential silently elevate to full administrative rights, giving a malicious actor unrestricted access to the host’s files, accounts and connected services. Leggi di più

Cybercriminals are leveraging artificial intelligence to target the weakest link in cloud‑based software: user identities. AI accelerates the gathering of employee data, sifts massive credential dumps for high‑value accounts, creates realistic synthetic personas, and powers fully automated attack frameworks. These capabilities let attackers bypass traditional defenses, infiltrate SaaS environments, and operate undetected. Experts warn that organizations must shift security focus to continuous identity verification, behavioral analytics, and AI‑enhanced defenses to counter the growing AI‑enabled identity threat. Leggi di più

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leggi di più