Credential Leaks Intelligence
Infostealer malware campaigns (Lumma, RedLine, Vidar, StealC), combo list releases on dark web forums, credential stuffing operations, and enterprise exposure reports.
Credential Leaks — Archive & Latest
TwizAdmin, Mach-O Man & KICS Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active credential theft surge: Lazarus Mach-O Man, TwizAdmin crypto clipper & KICS Docker compromise. Immediate containment required.
TwizAdmin, Lazarus Mach-O Man & Supply Chain Attacks: OTX Pulse Analysis — Enterprise Detection Pack
Multi-vector threats targeting credentials: TwizAdmin clipper, Lazarus macOS malware, KICS supply chain compromise, and FrostyNeighbor espionage.
TwizAdmin, Lazarus Mach-O Man, and Supply Chain Attacks: OTX Pulse Analysis — Enterprise Credential Theft Surge
OTX pulses reveal widespread credential theft via TwizAdmin, Lazarus Mach-O Man, and supply chain attacks. High urgency.
TwizAdmin, Mach-O Man & KICS Supply Chain Compromise: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns deploying TwizAdmin, PureLogs, and poisoned Docker images targeting credentials and crypto assets. Immediate detection required.
Multi-Vector Credential Theft: TwizAdmin, Mach-O Man, and KICS Supply Chain Compromise
Active campaigns featuring TwizAdmin infostealer, Lazarus macOS malware, and poisoned Checkmarx Docker images targeting credentials.
TwizAdmin, Lazarus Mach-O Man & Supply Chain Attacks: Cross-Platform Credential Theft
Active OTX pulses reveal cross-platform infostealers (TwizAdmin, Lazarus Mach-O Man) and supply chain attacks (KICS). Immediate credential hunting required.
TwizAdmin MaaS & Lazarus Mach-O Man: Cross-Platform Infostealer Surge — OTX Pulse Analysis
Active campaigns by DataBreachPlus and Lazarus Group using TwizAdmin and Mach-O Man infostealers targeting finance and govt. Urgent detection required.
TwizAdmin MaaS, Lazarus Mach-O Man & Ghost CMS Supply Chain: OTX Pulse Analysis
Surge in credential theft via Ghost CMS exploits, steganography loaders, and MaaS operations. Critical urgency for Finance and Gov sectors.
Lazarus & WageMole Infostealer Surge: ClickFix, Supply Chain, and Steganography Tactics — OTX Pulse Analysis
Active credential theft campaigns using ClickFix, malicious Git repos, and steganography. Targets Finance & Tech. High urgency.
Infostealer Surge: Void Dokkaebi, Fox Tempest & PureLogs — OTX Pulse Analysis
Multiple active infostealer campaigns utilize fake job interviews, steganography, and fraudulent code-signing to target devs and enterprises.
Vidar v1.5, Gremlin & Void Dokkaebi: Cross-Platform Credential Harvesting & Supply Chain Threats — OTX Pulse Analysis
Active infostealer campaigns (Vidar, Gremlin) and NK-aligned supply chain attacks target devs and enterprise credentials. Urgency High.
Fox Tempest, Vidar v1.5 & macOS ClickFix: Enterprise Credential Theft Campaign
Active infostealer campaigns leveraging Fox Tempest-signed binaries, Go-compiled Vidar, and macOS ClickFix scripts targeting credentials.
Vidar v1.5, Gremlin Stealer & Shai-Hulud: Multi-Vector Credential Theft Campaign
Critical Alert: Vidar Go rewrite, Gremlin VM evasion, and npm Shai-Hulud worm active. Urgent credential theft risks identified.
Vidar v1.5 Go, Gremlin Stealer & Shai-Hulud: OTX Pulse Intelligence on Multi-Vector Infostealer Campaigns
Active infostealer campaigns (Vidar Go, Gremlin) and npm supply chain attacks targeting credentials. Block C2 IPs immediately.
Vidar v1.5, Gremlin & Shai-Hulud: OTX Pulse Analysis — Credential Theft Campaigns
Analysis of Vidar Go, Gremlin Stealer, and Shai-Hulud supply chain attacks. Urgent credential harvesting and RaaS activity detected.
Vidar v1.5 Go, Gremlin & SHub Reaper: Multi-Platform Infostealer Surge & SD-WAN Initial Access
Active campaigns using Vidar Go, Gremlin, and macOS SHub Reaper target credentials via SD-WAN exploits and fake installers.
Vidar v1.5, Gremlin, and SHub Reaper: Surge in Multi-Platform Infostealers & Edge Device Exploitation
Active campaigns leveraging Vidar Go, Gremlin Stealer, and macOS SHub Reaper alongside exploitation of Cisco/Fortinet edge devices.
Vidar v1.5, SHub Reaper, and UAT-8616: Multi-Vector Credential Harvesting and Edge Exploitation
Active campaigns involving Go-based Vidar, macOS SHub Reaper, and Cisco SD-WAN exploits by UAT-8616 threaten enterprise credentials. Urgent.
Gremlin & Vidar Infostealers + SD-WAN RaaS Attacks: OTX Pulse Analysis — Enterprise Detection Pack
Active credential theft via Gremlin/Vidar and SD-WAN exploitation. Urgent blocking required for C2 IPs and file hashes.
Gremlin Stealer, OtterCookie, and The Gentlemen RaaS: OTX Pulse Analysis — Enterprise Credential Theft & Infostealer Campaigns
Active campaigns using Gremlin Stealer and OtterCookie npm packages target credentials. High urgency.
Gremlin Stealer, OtterCookie & Vidar: OTX Pulse Analysis — Multi-Vector Credential Harvesting Campaigns
Active credential theft campaigns via npm supply chain (OtterCookie), GitHub trojanized repos (Vidar), and Cisco SD-WAN exploits. High urgency.
Gremlin, OtterCookie, and Vidar Surge: Credential Theft via Supply Chain and Edge Exploits
Active credential harvesting campaigns targeting enterprises via npm packages, GitHub lures, and SD-WAN exploits. Urgency: High.
Gremlin Stealer, OtterCookie, and Vidar: Multi-Vector Infostealer Campaigns Targeting Credentials and Data
OTX pulses reveal active infostealer campaigns (Gremlin, OtterCookie, Vidar) via npm, GitHub, and packed binaries. Urgent credential theft risk.
Multi-Vector Credential Harvesting: Gremlin, Vidar, and OtterCookie Campaigns via SD-WAN Exploits & NPM Supply Chain
Active OTX pulses reveal coordinated credential theft using NPM packages, Cisco SD-WAN exploits, and GitHub trojans. High urgency.
Gremlin Stealer & SD-WAN Exploitation: OTX Pulse Analysis — Multi-Vector Detection Pack
Active campaigns targeting credentials via Gremlin/OtterCookie stealers and SD-WAN exploits. Critical patching required.
Gremlin Stealer, OtterCookie, and The Gentlemen: Supply Chain, RaaS, and Credential Theft — OTX Pulse Analysis
OTX Pulse Alert: Surge in infostealers (Gremlin, OtterCookie) via npm/GitHub and RaaS (The Gentlemen). Urgent credential theft and edge exploitation risks.
Gremlin Stealer, SD-WAN Exploits & NPM Supply Chain Attacks: Credential Theft Campaigns — OTX Pulse Analysis
Active exploitation of Cisco SD-WAN and npm packages delivering Gremlin, Vidar, and OtterCookie stealers. Critical credential theft risk.
OtterCookie, Vidar Stealer, and The Gentlemen RaaS: Multi-Vector Credential Theft Campaign Analysis
Active infostealer campaigns targeting tech sector; immediate credential rotation recommended. High urgency.
The Gentlemen RaaS, TroyDen & AI-Generated Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns delivering Redline, Lumma, and The Gentlemen ransomware via GitHub/npm supply chains and CVE exploits. Critical priority.
The Gentlemen RaaS & AI-Powered Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns deploying The Gentlemen ransomware, Lumma, and Vidar via compromised npm packages and GitHub repositories. High urgency.
TroyDen Lure Factory, Lumma & OtterCookie: Multi-Vector Infostealer Campaign Analysis — Enterprise Detection Pack
Active infostealer campaigns targeting developers via GitHub/NuGet/npm. High urgency: credential theft, AI-generated lures, C2 infrastructure.
Supply Chain Swarm: Lumma, Vidar & OtterCookie Infostealers via Poisoned GitHub/NuGet Packages
Active campaigns use poisoned GitHub/NuGet/npm packages to deliver Lumma, Vidar, and OtterCookie stealers. Critical credential theft risk.
TroyDen AI Lures & Vidar Stealer: Multi-Vector Credential Theft and Ransomware Lead-in
High-volume infostealer campaigns using AI lures, supply chain attacks, and GitHub abuse targeting devs and gamers. Urgent IOC blocking required.
Emerging Infostealer Ecosystem: Lumma, Vidar, and AI-Generated Supply Chain Attacks
AI-generated GitHub lures, malicious NuGet packages, and AutoIt loaders deliver Lumma, Vidar, and Redline to steal credentials and deploy ransomware.
OTX Pulse Analysis: TroyDen Lure Factory, NuGet Supply Chain, and Mr_Rot13 cPanel Attacks — Enterprise Detection Pack
Active campaigns utilizing AI lures, NuGet typosquatting, and cPanel exploits to distribute Lumma, Vidar, and Ransomware. High urgency.
TroyDen AI-Generated Lures & Mr_Rot13 cPanel Backdoors: OTX Pulse Analysis — Enterprise Detection Pack
Active credential theft campaigns via AI-generated GitHub lures (TroyDen/Lumma) and cPanel exploitation (Mr_Rot13). Urgent blocking required.
LummaStealer Supply Chain & TukTuk Ransomware C2: Multi-Vector Infostealer Analysis
Active GitHub/NuGet campaigns and cPanel exploits delivering Lumma, Vidar, and TukTuk ransomware; urgent IOC blocking required.
Lumma, Vidar, and Mr_Rot13: Multi-Vector Infostealer & Ransomware Campaigns Analysis
Active campaigns leveraging AI-generated GitHub lures, NuGet typosquatting, and cPanel flaws to steal credentials and deploy ransomware.
TroyDen Lure Factory, NuGet Supply Chain & Remus Stealer v2: OTX Pulse Analysis — Enterprise Detection Pack
AI-generated GitHub lures and malicious NuGet packages distribute Lumma, Redline, and Needle stealers targeting dev environments.
Lumma Remus, PCPJack & NuGet Supply Chain: Multi-Front Credential Theft Campaign
Active campaigns feature malicious NuGet packages, Lumma's 64-bit Remus variant, PCPJack cloud worm, and PAN-OS zero-day exploitation for credential theft.
Supply Chain & Cloud Worms: Lumma Remus, PCPJack, and PAN-OS Zero-Day Analysis
Active credential theft via malicious NuGet packages, cloud worms, and PAN-OS zero-days. High urgency: Hunt for Lumma Remus and PCPJack now.
Supply Chain Surge & 64-bit Stealer Evolution: Lumma Remus, PCPJack, and NuGet Threats — OTX Pulse Analysis
Active campaigns via malicious NuGet packages, PCPJack cloud worm, and 64-bit Lumma variant target enterprise credentials.
Remus Infostealer, PCPJack Cloud Worm & NuGet Supply Chain: Enterprise Credential Theft Analysis
OTX pulses reveal coordinated credential theft via malicious NuGet packages, 64-bit Lumma Remus variant, and PCPJack cloud worm. Urgent IOCs included.
Lumma Remus, NuGet Supply Chain & Cloud Credential Harvesting: OTX Pulse Analysis
Active credential theft campaigns via NuGet supply chain, 64-bit Lumma Stealer (Remus), and PCPJack cloud worm. Urgent action required.
Lumma Stealer, PCPJack, and GriefLure: OTX Pulse Analysis — Enterprise Credential Theft & Cloud Worms
New infostealer variants and cloud worms detected via NuGet supply chain and APT phishing. Immediate hunting required.
Remus Infostealer, PCPJack Cloud Worm & PAN-OS Exploits: Multi-Vector Credential Theft Campaign Analysis
Supply chain attacks via NuGet, cloud worms targeting K8s, and PAN-OS zero-days converge in a massive credential theft campaign.
Lumma Stealer, PCPJack Cloud Worm, and PAN-OS Zero-Day Activity: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal active credential theft via malicious NuGet packages, the PCPJack cloud worm, and PAN-OS zero-day exploitation.
Operation GriefLure & Lumma Remus: Supply Chain, Cloud Worms, and Credential Theft — OTX Pulse Analysis
Active infostealer wave via NuGet supply chain, 64-bit Lumma variant, and PCPJack cloud worm targeting enterprise secrets.
Remus Stealer, CloudZ RAT & AI Extension Infostealers: OTX Pulse Analysis
Emerging infostealer variants Remus and CloudZ target browser encryption and OTPs via malicious AI extensions and social engineering.
ClickFix, Remus, and CloudZ: Multi-Vector Credential Theft Campaigns — OTX Pulse Analysis
OTX pulses reveal active infostealer campaigns via ClickFix lures, malicious AI extensions, and Remus/Lumma variants targeting browser credentials and OTPs.
Showing 50 of 117 reports. Archive expands automatically as new intel is generated.
Every Credential Leaks Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.