New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Google is making it dramatically easier to sign in to apps without OTP or link hassles

Google now lets Android apps verify your email in one tap, no OTP codes and no inbox hunting. Here's how the new Credential Manager API works.
Newsworthy.ai

MYTHOS Threat Intelligence Series — Part 6: T5 Credential Theft — HSM Keys, SWIFT Tokens, & More

Web Application Breaches Involve Stolen Credentials. 2.3 Million Bank Logins Are for Sale on the Dark Web Right Now. And Your ...