Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
Bleeping Computer

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Dark Reading

Cybercrime Gangs Abscond With Thousands of Orgs' AWS Credentials

Cybercriminal gangs have exploited vulnerabilities in public websites to steal Amazon Web Services (AWS) cloud credentials and other data from thousands of organizations, in a mass cyber operation ...
SiliconANGLE

AWS IAM credentials at risk: EleKtra-Leak operation revealed by Unit 42

A new report from Palo Alto Networks Inc.’s Unit 42 warns of a new active campaign targeting exposed Amazon Web Services Inc. identity and access management credentials within public GitHub ...