Dark Side Intelligence Category

Credential Leaks Intelligence

Infostealer malware campaigns (Lumma, RedLine, Vidar, StealC), combo list releases on dark web forums, credential stuffing operations, and enterprise exposure reports.

242 reports availableRefreshed every 5 minutes

Credential Leaks — Archive & Latest

50 reports loaded
Credential Leaks

GIFTEDCROOK, OtterCookie & BRICKSTORM: OTX Pulse Analysis — Multi-Vector Credential Theft Campaigns

Active campaigns by SHADOW-EARTH-066 and UNK_DeadDrop exploit WinRAR and GitHub to steal credentials. Urgent detection required.

Jul 8, 2026
Read →
Credential Leaks

CrySome RAT, Salat Stealer & UNK_MassTraction: Multi-Vector Credential Theft Operations — OTX Intel

Active campaigns deploy CrySome RAT and Salat Stealer for credential theft, while UNK_MassTraction exploits university mail servers. Immediate action required.

Jul 7, 2026
Read →
Credential Leaks

Gaming Platform Phishing & Credential Harvesting: Roblox/Minecraft Targeted Campaign Analysis

Active phishing campaign targeting children via fake Roblox/Minecraft sites. High urgency for Education sectors to block IOCs.

Jul 5, 2026
Read →
Credential Leaks

Pink Vishing & Global PhaaS Campaigns: OTX Credential Theft Analysis

Pink actor vishing, global smishing operations, and gaming credential theft target finance, telco, and education sectors.

Jul 4, 2026
Read →
Credential Leaks

Argamal RAT & Smishing-as-a-Service: Multi-Vector Credential Theft Campaigns — OTX Pulse Analysis

RAT via game mods & smishing ops targeting credentials across gaming, telecom, finance. High urgency: immediate blocking required.

Jul 4, 2026
Read →
Credential Leaks

BoryptGrab Stealer & Gafgyt C0XMO Botnet: OTX Pulse Analysis

Active campaigns deploying BoryptGrab stealer via GitHub impersonation and Gafgyt C0XMO botnet via router exploits. Credential theft focus.

Jul 3, 2026
Read →
Credential Leaks

SessionGate & BoryptGrab: TDS-Driven Infostealer Ecosystem OTX Analysis

Active campaigns using Traffic Distribution Systems (TDS) and GitHub impersonation to deploy SessionGate, RemusStealer, and BoryptGrab. Urgency: High.

Jul 3, 2026
Read →
Credential Leaks

TA4922 Global Expansion, Avalon Framework, and Malicious VPN Extensions: OTX Pulse Analysis — Credential Theft & Ransomware

OTX Pulse: TA4922, Avalon, and malicious VPNs drive a surge in credential theft and ransomware. Critical detection guidance inside.

Jul 3, 2026
Read →
Credential Leaks

RedLine, TONResolver & Blacksite: Global Credential Theft Surge — OTX Pulse Analysis

Multi-vector credential theft targeting maritime/hotel sectors via RedLine, TONResolver, and Blacksite AiTM kits. High urgency.

Jul 3, 2026
Read →
Credential Leaks

Akira Ransomware & Infostealer Swarm: OTX Pulse Analysis — Bumblebee, RedLine, and RMM Exploits

Active campaigns deploying Akira ransomware and stealers (RedLine, Ousaban) via SEO poisoning, RMM exploits, and AI framework vulnerabilities.

Jul 2, 2026
Read →
Credential Leaks

Bumblebee Loader, RedLine Stealer, and RMM Exploitation: OTX Pulse Analysis — Credential Theft & Ransomware Campaigns

Active campaigns leveraging SEO poisoning and RMM exploits to deliver Bumblebee, RedLine, and Djinn stealers, facilitating credential theft and Akira ransomware.

Jul 2, 2026
Read →
Credential Leaks

Credential Harvesting & Ransomware Delivery: Bumblebee, RedLine, and Ousaban Campaigns — OTX Pulse Analysis

Credential theft and ransomware delivery via SEO poisoning, RMM exploits, and maritime phishing targeting finance and tech. Urgency: High.

Jul 2, 2026
Read →
Credential Leaks

JINX-0164 & GHOST STADIUM: Multi-Vector Credential Theft & Ransomware Delivery Chain — OTX Pulse Analysis

Active campaigns leveraging SEO poisoning, RMM exploits, and phishing to deploy Vidar, Lumma, and Bumblebee. High urgency.

Jul 1, 2026
Read →
Credential Leaks

Bumblebee Loader & Akira Ransomware: SEO Poisoning and Supply Chain Attack Vector Analysis — Detection Engineering Pack

Active campaigns using Bumblebee, Djinn, and Lumma stealers via SEO poisoning and RMM exploits to deliver Akira ransomware. Urgency: High.

Jul 1, 2026
Read →
Credential Leaks

OTX Pulse Analysis: GHOST STADIUM, JINX-0164, and Bumblebee — Credential Theft & Ransomware Operations

Active campaigns leveraging trojanized installers, event-based phishing, and LinkedIn scams to deploy Akira, Vidar, and custom macOS stealers.

Jul 1, 2026
Read →
Credential Leaks

Rising Tide of Infostealers: Bumblebee, JINX-0164, and GHOST STADIUM Operations Targeting Critical Infrastructure

Active campaigns using SEO poisoning, RMM exploits, and phishing to deploy Lumma, Vidar, and Bumblebee. High urgency.

Jun 30, 2026
Read →
Credential Leaks

Bumblebee→Akira, KimJongRAT & Djinn Stealer: OTX Pulse Analysis — Multi-Vector Credential Theft Detection Pack

Five OTX pulses expose coordinated infostealer campaigns via SEO poisoning, RMM exploits, GitHub LOTS, and AI pipeline RCE targeting enterprise credentials.

Jun 30, 2026
Read →
Credential Leaks

Bumblebee, KimJongRAT & Djinn Stealer: Multi-Vector Credential Theft Campaigns — OTX Pulse Intelligence Brief

Five OTX pulses expose infostealer campaigns via SEO poisoning, RMM exploits, and LinkedIn social engineering targeting admins and developers. High urgency.

Jun 30, 2026
Read →
Credential Leaks

Operation Endgame Aftermath, Woodgnat & JINX-0164: Multi-Vector Infostealer & AI Infrastructure Exploitation

OTX Pulse analysis reveals active infostealer campaigns (Stealc, KimJongRAT), access brokers (Woodgnat), and exploitation of AI pipelines (Langflow). Urgency: High.

Jun 29, 2026
Read →
Credential Leaks

Operation Endgame, Woodgnat Mistic RAT & JINX-0164: OTX Pulse Analysis — Enterprise Detection Pack

Active MaaS takedowns mixed with new Woodgnat backdoor and JINX-0164 supply chain attacks. High credential theft urgency.

Jun 29, 2026
Read →
Credential Leaks

Operation Endgame Disruption & Emerging Access Brokers: Stealc, Woodgnat, and JINX-0164 Analysis

Stealc/Lumma C2 disruption alongside new Mistic backdoor and AUDIOFIX campaigns targeting crypto/tech. Urgency: High.

Jun 29, 2026
Read →
Credential Leaks

StealC, Mistic Backdoor & KimJongRAT: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal active infostealer (StealC), ransomware broker (Woodgnat), and APT (Kimsuky) campaigns. Immediate C2 blocking required.

Jun 28, 2026
Read →
Credential Leaks

Stealc, Amadey & Mistic Backdoor: Dark Web Infostealer & Access Broker Surge — OTX Pulse Analysis

OTX pulses reveal active campaigns by Stealc, Amadey, and Woodgnat's Mistic backdoor targeting enterprise credentials and facilitating ransomware access.

Jun 28, 2026
Read →
Credential Leaks

Infostealer Surge & Access Broker Operations: StealC, Amadey, and Mistic Backdoor Analysis

OTX pulses reveal active StealC, Amadey, and Mistic campaigns targeting credentials. Urgent detection engineering for infostealers and access brokers.

Jun 28, 2026
Read →
Credential Leaks

StealC, Woodgnat, and Crypto Supply Chain Assaults: OTX Pulse Analysis

Active MaaS campaigns (StealC/Amadey), targeted crypto supply chain attacks (JINX-0164), and Kimsuky RATs signal high credential theft risk.

Jun 27, 2026
Read →
Credential Leaks

StealC, Amadey, and Mistic: Multi-Vector Infostealer & Access Broker Surge — OTX Pulse Analysis

Active campaigns utilizing StealC, Amadey, and Mistic backdoor facilitate credential theft and initial access. Urgent blocking required.

Jun 27, 2026
Read →
Credential Leaks

StealC, Amadey, and JINX-0164: Cross-Platform Credential Theft Surge – OTX Pulse Analysis

Active infostealer campaigns (StealC, Amadey) and MacOS threats (JINX-0164) detected via OTX. Block IoCs immediately. Urgency: High.

Jun 27, 2026
Read →
Credential Leaks

Operation Endgame Disruption & Woodgnat Access Brokers: StealC, Amadey, and Mistic Backdoor Intel — Detection Pack

Op Endgame disrupts StealC/Amadey C2s; Woodgnat deploys Mistic backdoor alongside credential theft. High urgency hunts required.

Jun 26, 2026
Read →
Credential Leaks

StealC, Mistic, and Vidar: OTX Pulse Analysis of Multi-Vector Infostealer Operations — Enterprise Detection Pack

Surge in infostealer activity (StealC, Vidar, Mistic) targeting credentials & supply chains. Includes detection rules & IOCs.

Jun 26, 2026
Read →
Credential Leaks

StealC, Amadey, and Mistic Backdoor: Active Infostealer & Access Broker Campaigns — Detection Engineering

Operation Endgame disrupts Amadey/Stealc; new Mistic backdoor and KimJongRAT target critical sectors with credential theft.

Jun 26, 2026
Read →
Credential Leaks

StealC, Amadey & Mistic Backdoor: Credential Theft & Ransomware Access Analysis

Active infostealer campaigns (StealC, Amadey) and backdoors (Mistic, KimJongRAT) targeting credentials for ransomware access. Includes detection pack.

Jun 25, 2026
Read →
Credential Leaks

StealC, Amadey, and Mistic Backdoor: OTX Pulse Analysis — Enterprise Credential Theft & Access Brokerage

OTX pulses reveal active StealC, Amadey, and Woodgnat Mistic campaigns targeting credentials. C2 infrastructure and IAB activity detected. High urgency.

Jun 25, 2026
Read →
Credential Leaks

Infostealer Ecosystem & Credential Harvesting Operations: StealC, Amadey, Woodgnat & FortiBleed Campaigns — Enterprise Detection Pack

Coordinated infostealer campaigns targeting credentials & session tokens. Active access brokers (Woodgnat) & FortiGate harvesting detected. HIGH urgency.

Jun 25, 2026
Read →
Credential Leaks

StealC, Woodgnat & FortiBleed: Convergence of Infostealers and Access Brokers — OTX Pulse Analysis

Critical alert: High-volume infostealers (StealC, Lumma) and access broker Woodgnat targeting credentials and VPN infrastructure globally.

Jun 24, 2026
Read →
Credential Leaks

StealC, Mistic, and FortiBleed: OTX Pulse Analysis of Global Infostealers and Ransomware Access Brokers

OTX pulses reveal active StealC/Amadey infostealers, Mistic backdoor, and FortiBleed campaigns targeting FortiGate. Immediate credential hygiene and IOC blocking required.

Jun 24, 2026
Read →
Credential Leaks

SocGholish Takedowns & FortiBleed Infrastructure: OTX Pulse Analysis — Credential Harvesting Campaign

Analysis of SocGholish disruption, Okendo supply chain attacks, and FortiBleed credential harvesting. High urgency for credential reset.

Jun 23, 2026
Read →
Credential Leaks

SocGholish Disruption, SmartApeSG Supply Chain, and FortiBleed: Credential Theft & RAT Analysis

OTX Pulse analysis reveals multi-vector credential theft via fake updates, supply chain injection, and VPN brute-forcing targeting Finance/Retail.

Jun 23, 2026
Read →
Credential Leaks

Operation Endgame & SmartApeSG: SocGholish Takedown, Okendo Supply Chain Attack, and FortiBleed Credential Harvesting — Intel Brief

SocGholish disrupted by Op Endgame; SmartApeSG hits e-commerce via Okendo; FortiBleed targets VPNs. High-risk credential theft.

Jun 23, 2026
Read →
Credential Leaks

Operation Endgame Aftermath, Okendo Supply Chain & FortiBleed: Credential Theft Intel

SocGholish infrastructure disrupted, Okendo JS supply chain compromise, and FortiBleed VPN credential harvesting active. Urgent IOCs provided.

Jun 22, 2026
Read →
Credential Leaks

Operation Endgame, SocGholish Takedowns, and FortiBleed Credential Harvesting: OTX Pulse Analysis — Enterprise Detection Pack

Analysis of Operation Endgame disruption of SocGholish, Okendo supply chain attack, and FortiBleed VPN credential harvesting. High urgency.

Jun 22, 2026
Read →
Credential Leaks

Operation Endgame: SocGholish Disruption, Okendo Supply Chain Attack & FortiBleed Credential Harvesting — OTX Pulse Analysis

SocGholish infrastructure disrupted by law enforcement, Okendo supply chain compromised, and FortiBleed VPN credential harvesting active. High urgency.

Jun 22, 2026
Read →
Credential Leaks

Operation Endgame Disruption & AI-Driven ClickFix: OTX Pulse Analysis on SocGholish, SmartRAT, and Infostealer Supply Chains

OTX pulses reveal SocGholish disruption by Op Endgame, Okendo supply chain attacks, and AI-driven ClickFix campaigns delivering SmartRAT.

Jun 21, 2026
Read →
Credential Leaks

Operation Endgame Disruption & SmartRAT Credential Theft: OTX Pulse Analysis

Credential theft via SmartRAT & supply chain attacks rises as SocGholish falls. Detection engineering guide included.

Jun 21, 2026
Read →
Credential Leaks

Intelligence Brief: Operation Endgame Disruption, Okendo Supply Chain & ClickFix AI Campaigns

Active credential theft campaigns via Okendo supply chain, AI-powered ClickFix, and SocGholish remnants delivering SmartRAT, LummaC2, and stealers.

Jun 21, 2026
Read →
Credential Leaks

Operation Endgame Aftermath & SmartRAT ClickFix Surge: OTX Pulse Analysis

TA569 SocGholish infrastructure disrupted, but SmartRAT and infostealers surge via supply chain attacks and AI-driven ClickFix campaigns.

Jun 20, 2026
Read →
Credential Leaks

SocGholish Fake Updates, SmartRAT ClickFix & Infostealer Supply Chain: OTX Pulse Analysis

Active SocGholish, SmartRAT ClickFix, and Okendo supply chain attacks targeting finance and retail with credential theft malware.

Jun 20, 2026
Read →
Credential Leaks

Operation Endgame Disrupts SocGholish: Emerging INC Ransomware & Multi-Vector Infostealer Campaigns — Enterprise Detection Pack

Law enforcement disrupts SocGholish malware; INC ransomware rises; supply chain attacks target retail; infostealers and SmartRAT exploit AI-generated campaigns. HIGH urgency.

Jun 20, 2026
Read →
Credential Leaks

SocGholish Takedown, INC Ransomware Evolution & Supply Chain Injection: OTX Pulse Intelligence

Major law enforcement takedown of SocGholish infrastructure alongside rising INC Ransomware and SmartRAT supply chain attacks targeting finance and retail.

Jun 19, 2026
Read →
Credential Leaks

Operation Endgame Aftermath: SocGholish Disruption & AI-Generated ClickFix Infostealers

Critical analysis of SocGholish disruption, AI-powered ClickFix campaigns delivering SmartRAT, and the Okendo supply chain attack targeting retail credentials.

Jun 19, 2026
Read →
Credential Leaks

Operation Endgame Disruption & AI-Driven ClickFix: SocGholish, SmartRAT, and INC Ransomware Intelligence Briefing

OTX analysis of TA569 takedown, new SmartApeSG supply chain attacks, and AI-generated ClickFix campaigns delivering SmartRAT and INC ransomware.

Jun 19, 2026
Read →

Showing 50 of 242 reports. Archive expands automatically as new intel is generated.

Free Detection Rules Included

Every Credential LeaksReport Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.