Posts by Tag: credentials
all of the articles we have posted and linked so far under the tag: credentials
20 May 2026
Composer: Tokens Spilled on the CI Stage
TLDR and affected version summary for CVE-2026-45793, a Composer vulnerability that may expose GitHub authentication tokens in CI logs.
19 May 2026
Mini Shai-Hulud: 639 Packages Deep and Still Burrowing
TLDR and affected package summary for the latest wave of the Mini Shai-Hulud npm supply-chain campaign targeting antv and echarts-for-react.
19 May 2026
Nx Console: One Stolen Token, One Poisoned Marketplace
TLDR and affected version summary for the Nx Console VS Code extension compromise via a contributor's leaked GitHub PAT.
19 May 2026
VoidStealer: Reaching Past Chrome's Encryption
TLDR and details on VoidStealer, an infostealer bypassing Chrome's App-Bound Encryption to extract credentials and session data.
14 May 2026
Shadow Supply: The Package That Stole Your Secrets
TLDR and affected version summary for the node-ipc npm supply-chain compromise.