credentials
Coverage of credentials in the Nexus archive.
- Why Post-Quantum Cryptography Starts With Credentials
Current encrypted data, such as credentials, may lose confidentiality in the future as quantum computers could break public-key cryptography. While existing machines cannot yet compromise elliptic curve cryptography or RSA, rapid advancements in quantum hardware necessitate new protective measures for organizational data.
- The Top 10 Attack Surface Exposures in 2026
The article highlights that breaches often originate from non-zero-day vulnerabilities, such as brute-forced admin panels and reused credentials. It specifically mentions the MongoBleed vulnerability, which allows attackers to extract credentials and session tokens from server memory without authentication, emphasizing the risks to internet-facing systems.
- Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials.
- Rust-Written IronWorm Hits NPM Supply Chain
A Rust-written malware called IronWorm is targeting the NPM supply chain to steal developer credentials and reuse them for propagation. The campaign focuses on compromising software supply channels through credential theft.
- Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
The 'Megalodon' malware campaign infected over 5,500 GitHub repositories within six hours, using malicious commits to steal credentials and developer secrets. The attack highlights a rapid and stealthy security breach targeting software development platforms.
- OpenClaw Insider Builds the Enterprise Safety Layer the Project Never Shipped
Red Hat principal engineer and OpenClaw maintainer Sally O'Malley released Tank OS, a tool that isolates AI agents in containers to secure credentials and prevent interference with the host machine or other agents.
- China-linked hackers led phishing campaigns targeting journalists and activists, researchers say
China-linked hackers conducted phishing campaigns targeting journalists and activists to steal credentials, likely to support follow-on operations aligned with the Chinese government's interests, according to a report.
- Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
Vibe coding platform Lovable denied allegations of a data leak where users' sensitive information could be accessed, initially blaming 'intentional behavior' and unclear documentation. The company later shifted blame to HackerOne, a bug-bounty service, amid criticism for mishandling vulnerability reports.