RC RANDOM CHAOS

credential theft

9 posts

Typosquatted Microsoft AI packages harvest developer credentials

How attackers weaponised typosquatted Microsoft AI tooling to harvest OpenAI, HuggingFace, AWS, and Azure credentials from developer workstations.

Megalodon hijacked 55,000 GitHub repos via token replay

Megalodon compromised 55,000+ GitHub repositories through PAT harvesting, pull_request_target abuse, and OAuth scope inheritance. Technical breakdown.

Shai-Hulud worm compromises 314 npm packages

Shai-Hulud npm worm hits 314 more packages via compromised maintainer accounts. Mechanism, telemetry gaps, and residual exposure analyzed.

One chat message empties the credential vault

CVE-2026-44843 produces credential theft on chat message receipt. No user action required. Operator analysis of the failure mode and exposure pattern.

Chat message steals your credentials

CVE-2026-44843 reduces credential theft to message receipt. The failure is identity boundary enforcement, not chat parsing. Operator breakdown.

CVE-2026-44843 turns one message into credential theft

CVE-2026-44843 collapses the boundary between chat message receipt and credential disclosure. What failed, what is not confirmed, and what must change.

One message, credentials gone

CVE-2026-44843 enables credential theft on inbound chat message receipt. Operator breakdown of the failure boundary and required posture changes.

Your inbox is now your credential store.

CVE-2026-44843 turns a chat message into credential theft. Operator briefing on what failed, what is not confirmed, and what must now be true.

The Roblox cheat never touched Roblox

How a Roblox cheat turned into a Vercel supply chain compromise - stealer to stolen token to dependency confusion to persistent build-pipeline access.