#credential-theft
4 articles exploring credential-theft. Expert insights and analysis from our editorial team.
Articles
Bitwarden CLI Compromise Extends the Checkmarx [Supply-Chain Campaign](/articles/vercels-april-2026-database-leak-pivoted-from-lumma-stealer-at-context-ai-via/) to Credential Tooling
A trojanized @bitwarden/cli release spent 93 minutes on npm April 22. The Checkmarx-themed payload harvested credentials via preinstall hook, exposing vault session tokens.
CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure
CVE-2026-39987 gave attackers a root shell on Marimo in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.
Marimo CVE-2026-39987: Pre-Auth RCE via /terminal/ws in Under 10 Hours
Marimo's /terminal/ws skipped validate_auth() on ≤0.20.4. Sysdig recorded exploitation 9h 41m after disclosure; .env credential theft completed in under three minutes.
TeamPCP Backdoored LiteLLM via a Poisoned CI Scanner: What It Means for Every AI Python Stack
TeamPCP stole LiteLLM's PyPI token through a compromised Trivy GitHub Action, shipping credential-stealing releases to 36% of monitored cloud environments.