Credential Leaks Intelligence
Infostealer malware campaigns (Lumma, RedLine, Vidar, StealC), combo list releases on dark web forums, credential stuffing operations, and enterprise exposure reports.
Credential Leaks — Archive & Latest
KarstoRAT, LofyStealer & Malicious AI Extensions: OTX Pulse Analysis — Credential Theft & Supply Chain Threats
Emerging threats: KarstoRAT, ClickFix, LofyStealer, and malicious AI extensions target credentials via gaming lures, supply chain, and browser extensions. Urgency: High.
OTX Pulse Analysis: TeamPCP Supply Chain Attack, LofyStealer, & Lumma Campaigns
Active credential theft via PyPI compromise, ClickFix phishing, and mobile trojans targeting banking/gaming.
TeamPCP Supply Chain & Lumma Stealer Surge: Multi-Vector Credential Theft Campaign — OTX Analysis
OTX pulses reveal active TeamPCP and Lumma Stealer campaigns utilizing PyPI supply chain attacks, ClickFix phishing, and Android malware. Urgency: High.
Supply Chain & Stealer Surge: TeamPCP, Lumma, and KYCShadow — OTX Pulse Analysis
Active credential theft campaigns via PyPI supply chain (TeamPCP), ClickFix phishing (Lumma), and Android banking trojan (KYCShadow).
Lumma Stealer Resurgence & Supply Chain Attacks: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns using Lumma, LofyStealer, and TeamPCP via supply chain and phishing. Urgent credential theft risk.
OTX Pulse Analysis: Lumma, LofyStealer, and Supply Chain Attacks — Credential Theft Surge
OTX detects active credential theft campaigns via PyPI supply chain (TeamPCP), ClickFix phishing (Lumma), and Android trojans (KYCShadow). High urgency.
TeamPCP & Lumma Stealer Campaigns: OTX Pulse Analysis — Enterprise Credential Theft Detection Pack
Active infostealer campaigns via PyPI supply chain, ClickFix phishing, and Android malware targeting finance & gaming sectors. High urgency.
Supply Chain & Gaming Infostealer Surge: TeamPCP, LofyStealer & Lumma Campaigns — OTX Pulse Analysis
OTX pulses reveal active credential theft targeting developers (PyPI), gamers (Minecraft), and finance (Android). Block TeamPCP and LofyGang IOCs now.
Infostealer Surge: TeamPCP Supply Chain, LofyStealer & KYCShadow Analysis
Active infostealer campaigns via PyPI supply chain, ClickFix phishing, and fake KYC apps targeting finance/gaming sectors.
TeamPCP Supply Chain & Multi-Stage Infostealers: OTX Pulse Analysis — Lumma, LofyStealer, KYCShadow
Critical analysis of 5 active campaigns including TeamPCP's PyPI attack and Lumma Stealer variants. High urgency credential theft via supply chain and phishing.
TeamPCP PyPI Attack & Multi-Vector Infostealer Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses expose TeamPCP's Python SDK attack, LofyStealer/Lumma campaigns, and KYCShadow Android trojan. High urgency credential theft.
Lumma Stealer, TeamPCP, and KYCShadow: Multi-Vector Credential Theft Ecosystem Analysis
High-volume credential theft campaigns targeting gamers, devs, and finance sectors via supply chain, mobile, and proxy vectors.
LofyStealer, Lumma & KYCShadow: Multi-Vector Credential Theft Surge — OTX Pulse Analysis
OTX pulses reveal credential theft surge via LofyStealer, Lumma, and KYCShadow using game mods, ClickFix, and PyPI supply chain attacks. Urgency: High.
GlassWorm, Lumma Stealer, and Xinference Compromise: Multi-Front Infostealer Assessment
Active campaigns target developers & finance via GlassWorm, Lumma, and KYCShadow. Urgent credential theft via supply chain & phishing.
Multi-Vector Infostealer Surge: Lumma, Rhadamanthys & PyPI Supply Chain Attacks — Detection Engineering
Critical surge in infostealers (Lumma, Rhadamanthys) via PyPI supply chain & AI lures targeting dev credentials. High urgency.
ClickFix, GachiLoader, and KYCShadow: Multi-Vector Credential Theft Campaigns - OTX Pulse Analysis
Active campaigns utilize ClickFix social engineering, AI lures, and fake KYC apps to deploy Lumma, Rhadamanthys, and banking trojans.
Multi-Vector Credential Theft: ClickFix, PyPI Poisoning & AI Agent Exploitation — OTX Pulse Analysis
Active infostealer campaigns using ClickFix social engineering, poisoned Python packages, and Cursor AI exploitation targeting finance & tech.
ClickFix, PyPI Poisoning, & AI Abuse: Coordinated Infostealer Surge — OTX Pulse Analysis
Active infostealer campaigns targeting devs & enterprises via AI abuse, PyPI supply chain attacks, and ClickFix social engineering.
Multi-Vector Infostealer Surge: ClickFix, PyPI Poisoning, and AI-Delivered AMOS
OTX Pulse analysis reveals credential theft campaigns using ClickFix, compromised Python packages, and AI agent exploitation. Critical urgency.
ClickFix, PyPI Supply Chain, and AI Agent Abuse: Multi-Vector Infostealer Campaign — Detection Pack
Active campaigns using ClickFix, PyPI poisoning, and Cursor AI abuse to deliver Lumma, AMOS, and GlassWorm. Urgent detection guidance.
Infostealer Surge: ClickFix, AI Agent Exploitation & PyPI Supply Chain Attacks
Active ClickFix and AI-driven campaigns delivering AMOS, Vidar, and Lumma stealers via PyPI and social engineering. Urgent blocking required.
Supply Chain & AI-Driven Infostealers: AMOS, Lumma, and GlassWorm Campaigns — OTX Pulse Analysis
Active campaigns targeting devs via poisoned PyPI/Docker images and AI agents to deliver AMOS and Lumma stealers. Urgent blocking required.
ClickFix, Supply Chain Poisoning, and Trigona Exfiltration: Multi-Vector Credential Theft Analysis
OTX Pulse data reveals active ClickFix, Docker, and Keitaro TDS campaigns deploying Lumma, Vidar, and Trigona ransomware.
ClickFix, GlassWorm & KICS Supply Chain Attacks: OTX Pulse Analysis — Multi-Vector Infostealer Campaigns
Live OTX analysis reveals ClickFix infostealers, GlassWorm dev attacks, and KICS supply chain compromises targeting finance and tech.
ClickFix & KICS Supply Chain: Trigona, GlassWorm, and Stealer Swarm — Enterprise Detection Pack
Active campaigns utilize ClickFix and poisoned Docker images to deliver Lumma, Trigona, and GlassWorm. Critical supply chain compromise detected.
TeamPCP Supply Chain Poisoning & ClickFix Infostealer Surge: OTX Pulse Analysis
TeamPCP targets KICS/Trivy; ClickFix delivers Lumma/Vidar; Trigona affiliates deploy custom exfil tools.
TeamPCP Supply Chain Onslaught & ClickFix Infostealers: Lumma, Vidar, Trigona Exfil Tooling — Detection Pack
Active TeamPCP supply chain attacks (KICS, Trivy) and ClickFix campaigns deploying Lumma/Vidar stealers. Critical credential theft risk.
Supply Chain Poisoning & Multi-Stage Infostealers: TwizAdmin, TeamPCP & Trigona Analysis
TeamPCP supply chain attacks on KICS/Trivy and TwizAdmin infostealer operations drive credential theft urgency. High risk.
TwizAdmin & ClickFix Campaigns: Infostealer & Supply Chain Attacks — OTX Pulse Analysis
DataBreachPlus & TeamPCP use TwizAdmin, ClickFix, and poisoned dev tools for credential theft & ransomware. Critical detection update.
TwizAdmin MaaS & TeamPCP Supply Chain: Multi-Vector Credential Theft Campaign
High urgency: Infostealers (TwizAdmin, Lumma) and supply chain attacks (KICS, Trivy) targeting infrastructure and crypto credentials.
Supply Chain & Multi-Stage Infostealers: TwizAdmin, Mach-O Man, and TeamPCP Analysis — Detection Pack
Active supply chain attacks by TeamPCP and multi-platform stealers like TwizAdmin and Mach-O Man threaten enterprise credentials. Urgent.
TwizAdmin, Mach-O Man & Void Dokkaebi: Multi-Platform Infostealer Surge & Supply Chain Attacks — OTX Pulse Analysis
Active campaigns utilize ClickFix, MaaS platforms, and repo poisoning to deploy infostealers and crypto clippers targeting enterprises.
TwizAdmin Infostealer, Lazarus Mach-O Man & Void Dokkaebi: Multi-Platform Credential Theft Surge
OTX pulses reveal active campaigns by DataBreachPlus, Lazarus, and Void Dokkaebi targeting macOS/Windows with credential theft, crypto clippers, and supply chain malware. Urgency: High.
TwizAdmin & Mach-O Man Credential Campaigns: ClickFix & Supply Chain Threats — Detection Pack
Surge in infostealer activity targeting macOS/Windows via ClickFix and fake job lures. Lazarus & DataBreachPlus active. Block critical IOCs immediately.
TwizAdmin, Mach-O Man & Void Dokkaebi: Multi-Platform Infostealer & Supply Chain Attacks
Active campaigns by Lazarus & DataBreachPlus target devs & macOS via ClickFix & repo poisoning to steal credentials and crypto assets.
The Gentlemen RaaS & Void Dokkaebi Supply Chain: OTX Pulse Analysis — Multi-Vector Credential Theft
Active campaigns targeting devs via fake repos & FortiOS flaws. Urgent credential theft & ransomware risk.
Void Dokkaebi Supply Chain & The Gentlemen RaaS: OTX Pulse Analysis — Enterprise Detection Pack
Critical: Active supply chain attacks targeting devs, ClickFix credential theft, and Gentlemen ransomware exploiting FortiOS CVEs.
The Gentlemen RaaS, macOS ClickFix & AdaptixC2: Multi-Vector Infostealer & Credential Theft Analysis
Active RaaS (The Gentlemen) and macOS ClickFix campaigns target credentials & crypto via CVE exploits & social engineering.
The Gentlemen RaaS, AdaptixC2 Framework, and SystemBC Proxy: OTX Pulse Analysis
Detection of The Gentlemen RaaS expansion utilizing SystemBC and AdaptixC2 frameworks, plus IoT botnet exploits.
The Gentlemen RaaS, SystemBC Proxy & AdaptixC2: OTX Pulse Analysis
The Gentlemen ransomware group exploits FortiOS CVEs using SystemBC. AdaptixC2 framework emerges as a C2 threat alongside Nexcorium Mirai.
The Gentlemen RaaS, AdaptixC2 Framework & Speagle Infostealer: OTX Pulse Analysis
Analysis of Speagle infostealer, AdaptixC2 framework, and Gentlemen ransomware. Urgent patching for FortiOS and DocGuard required.
NWHStealer, Speagle & The Gentlemen: OTX Pulse Analysis on Multi-Vector Infostealer Campaigns
Active credential theft campaigns via fake VPNs and supply chain attacks (NWHStealer, Speagle), coupled with The Gentlemen ransomware exploits. High urgency.
The Gentlemen RaaS, Speagle Supply Chain & notnullOSX: OTX Pulse Analysis
Active RaaS, supply chain, and macOS stealers detected. High urgency for credential theft.
The Gentlemen RaaS, Speagle Supply Chain & notnullOSX: Multi-Vector Credential Theft Analysis
OTX analysis of The Gentlemen RaaS, Infostealer.Speagle supply chain, and macOS notnullOSX campaigns targeting credentials & crypto.
The Gentlemen & notnullOSX Stealers: Multi-Vector Infostealer Campaign Analysis — Enterprise Detection Pack
The Gentlemen ransomware and notnullOSX stealer campaigns targeting credentials via FortiOS exploits and macOS vectors.
Infostealer Surge: Speagle, NKAbuse, and CGrabber Targeting Enterprise Credentials
Active credential theft campaigns via supply chain (Cobra DocGuard), fake VPNs, and NKN blockchain C2s detected. High urgency.
Speagle, NWHStealer & Direct-Sys Loader: Multi-Platform Infostealer & Supply Chain Attack Analysis
Critical infostealer surge targeting DocGuard users, macOS crypto wallets, and fake VPN sites via supply chain and typosquatting.
NKAbuse Botnet, APT28 Roundcube & Multi-Platform Stealers: OTX Pulse Analysis — Detection Pack
NKAbuse, NWHStealer, and APT28 toolkits target credentials via HuggingFace, fake VPNs, and webmail exploits.
NKAbuse, notnullOSX & APT28 Roundcube Toolkit: Enterprise Credential Theft & Infostealer Swarm
High-volume credential theft surge targeting Windows, macOS, and webmail via novel vectors including HuggingFace exploits and ClickFix.
NWHStealer, notnullOSX, and APT28 Roundcube: OTX Pulse Analysis — Enterprise Detection Pack
Active infostealer campaigns (NWHStealer, notnullOSX) target crypto/credentials; APT28 exploits Roundcube. Urgent IOCs.
Showing 50 of 58 reports. Archive expands automatically as new intel is generated.
Every Credential Leaks Report Includes Sigma & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.
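The "IOC check script" mentioned above is the piece practitioners most often have to adapt, because published indicator lists arrive defanged (hxxp://, [.], [:]) and mixed across types. The script below is an added illustration of that kind of check, not code taken from any of the briefings listed on this page; the indicator values and log lines it contains are constructed for the example and are not indicators from any real campaign. It refangs and classifies a report-style indicator list (domains, IPv4 addresses, SHA-256 hashes), then scans free-form log lines, matching a host against any parent domain in the list so that a subdomain of a listed C2 domain is still caught.

```python
"""Offline IOC check against log lines (added example; constructed data)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Defanging conventions commonly used in published indicator lists.
_REFANG = [
    (re.compile(r"hxxp", re.I), "http"),
    (re.compile(r"\[\.\]|\(\.\)"), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]"), "@"),
]

_SHA256 = re.compile(r"^[0-9a-f]{64}$")
_IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def refang(value: str) -> str:
    """Undo report-style defanging so the value can be matched literally."""
    for pat, rep in _REFANG:
        value = pat.sub(rep, value)
    return value.strip()


def normalize(ioc: str) -> str:
    """Refang, lower-case, and reduce a URL indicator to its host name."""
    v = refang(ioc).lower()
    if "://" in v:
        v = urlparse(v).hostname or v
    return v


def classify(ioc: str) -> str:
    v = normalize(ioc)
    if _SHA256.match(v):
        return "sha256"
    if _IPV4.match(v):
        return "ipv4"
    if _DOMAIN.match(v):
        return "domain"
    raise ValueError(f"unsupported indicator: {ioc!r}")


@dataclass
class IocSet:
    sha256: set = field(default_factory=set)
    ipv4: set = field(default_factory=set)
    domain: set = field(default_factory=set)

    @classmethod
    def from_text(cls, text: str) -> "IocSet":
        """Parse one indicator per line; '#' starts a comment."""
        s = cls()
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if line:
                getattr(s, classify(line)).add(normalize(line))
        return s


# Tokenizers that pull candidate values out of arbitrary log text.
_HASH_TOKEN = re.compile(r"\b[0-9a-fA-F]{64}\b")
_IP_TOKEN = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HOST_TOKEN = re.compile(r"\b(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}\b")


def scan(log_lines, iocs: IocSet):
    """Return (line_no, kind, indicator) for every indicator hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for h in _HASH_TOKEN.findall(line):
            if h.lower() in iocs.sha256:
                hits.append((n, "sha256", h.lower()))
        for ip in _IP_TOKEN.findall(line):
            if ip in iocs.ipv4:
                hits.append((n, "ipv4", ip))
        for host in _HOST_TOKEN.findall(line):
            labels = host.lower().split(".")
            # Match the host itself or any parent domain on the list.
            for i in range(len(labels) - 1):
                cand = ".".join(labels[i:])
                if cand in iocs.domain:
                    hits.append((n, "domain", cand))
                    break
    return hits


# Constructed sample indicator list and log lines (not real IOCs).
SAMPLE_IOCS = """
# constructed example indicators
hxxp://stealer-c2[.]example
203.0.113.5
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

SAMPLE_LOGS = [
    "proxy: user=alice dst=cdn.stealer-c2.example:443 action=allow",
    "edr: proc=powershell.exe sha256=0123456789abcdef0123456789abcdef"
    "0123456789abcdef0123456789abcdef",
    "fw: src=10.0.0.7 dst=203.0.113.5 dport=8080",
    "dns: query=update.example.org rcode=NOERROR",
]


def run_example():
    return scan(SAMPLE_LOGS, IocSet.from_text(SAMPLE_IOCS))


if __name__ == "__main__":
    for line_no, kind, ioc in run_example():
        print(f"line {line_no}: {kind} hit on {ioc}")
```

Two details matter when adapting this to a real report: defanging must be undone before comparison or nothing will ever match, and domain indicators should be matched as suffixes, since stealer C2 infrastructure routinely rotates subdomains under one registered domain.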