#credential-theft
34 stories tagged.
QLNX: The Developer-Hunting Linux RAT That Turns Package Maintainers into Supply Chain Weapons
10 min · 0 sources
The Infostealer-to-Breach Pipeline: Enterprise Defense Playbook for 2026
10 min · 0 sources
The Credential Worm That Evicts Its Rivals: A PCPJack Cloud Defense Playbook
10 min · 0 sources
The Developer Is the New Perimeter: How QLNX and Shai-Hulud Are Turning Developer Workstations Into Supply Chain Launchpads
11 min · 0 sources
The Defender's Dilemma: CVE-2026-32202 NTLM Zero-Click, BlueHammer, RedSun, and UnDefend — Windows' Most Dangerous Fortnight in Years
11 min · 0 sources
The Browser Is the Battlefield: Enterprise Defensive Playbook for the GenAI Extension Epidemic
11 min · 0 sources
The $100 Skeleton Key: How the Infostealer → IAB → Ransomware Pipeline Works — and How to Break It
13 min · 0 sources
Comment and Control: How a Single GitHub PR Title Stole API Keys from Claude Code, Gemini CLI, and GitHub Copilot
11 min · 0 sources
The Worm That Eats Your Vault: Shai-Hulud's Bitwarden CLI Attack and the Definitive CI/CD Secrets Defense Playbook
11 min · 0 sources
Breaking the Infostealer Kill Chain: A Complete Defender's Playbook for the Credential-to-Ransomware Pipeline
11 min · 0 sources
Pipeline Poisoners: How BufferZoneCorp Weaponized Ruby Gems and Go Modules to Own CI/CD at the Build Stage
10 min · 0 sources
Worm Logic: TeamPCP's Shai-Hulud 'Third Coming' Compromises Bitwarden CLI and 796 npm Packages — A Full Post-Mortem
10 min · 0 sources
The Worm That Crossed the Ecosystem: Mini Shai-Hulud's PyTorch Lightning Hijack and the Rise of Cross-Registry Supply Chain Attacks
10 min · 0 sources
The 11-Hour Data Heist: How a GitHub Actions PR Comment Poisoned 1.1M-Download PyPI Package elementary-data
9 min · 0 sources
The Data Pipeline That Became a Drain: How elementary-data's CI/CD Was Weaponized to Steal 1.1M-Download-Scale Cloud Credentials
9 min · 0 sources
"A Mini Shai-Hulud Has Appeared": How Attackers Turned SAP's npm Ecosystem Into a Credential Vacuum
9 min · 0 sources
The Worm That Won't Stop: TeamPCP's Mini Shai-Hulud Supply Chain Campaign Devours SAP, Bitwarden, and PyTorch Lightning
9 min · 0 sources
Shai-Hulud Devours the Ecosystem: TeamPCP's Cross-Ecosystem Supply Chain Blitz Hits PyTorch Lightning, SAP npm, Bitwarden, and Hundreds of CI/CD Pipelines
8 min · 0 sources
The IDE That Eats Itself: GlassWorm v2's Sleeper Extensions, Zig Dropper, and Cross-IDE Takeover of 50,000 Developer Machines
9 min · 0 sources
The Worm That Rode the Sandstorm: Mini Shai-Hulud's TeamPCP Supply Chain Assault Across PyPI, npm, and PHP
10 min · 0 sources
The Package That Waited: BufferZoneCorp's Sleeper Gems and Go Modules Reveal a New CI Pipeline Takeover Playbook
9 min · 0 sources
The AI Gateway Is the New Perimeter: CVE-2026-42208, LiteLLM's Pre-Auth SQL Injection, and the 36-Hour Exploit Window Nobody Warned You About
12 min · 0 sources
The Worm That Reads the Room: TeamPCP's Mini Shai-Hulud Crosses the PyPI/npm Divide and Poisons AI Infrastructure
10 min · 0 sources
The AI Framework Trojan: How PyTorch Lightning's PyPI Compromise Became the Most Dangerous Supply Chain Attack of 2026
11 min · 0 sources
When the Scanner Gets Scanned: How TeamPCP Turned Security Tools Into the Attack Surface — A Full Post-Mortem of the Trivy→Checkmarx→Bitwarden Cascade
12 min · 0 sources
The Worm That Codes Itself: TeamPCP's Mini Shai-Hulud and the Industrialization of Open-Source Supply Chain Attacks
11 min · 0 sources
The Authorization Header That Owns Your AI Stack: CVE-2026-42208 and the 36-Hour Exploitation of LiteLLM's Authentication Path
11 min · 0 sources
The Trust Inversion: How TeamPCP Turned Your Security Scanner Into a CI/CD Master Key
10 min · 0 sources
CVE-2024-21413: Microsoft Outlook NTLM Credential Theft — Moniker Link Attack
1 min · 0 sources
CVE-2025-24054: Windows NTLM Hash Disclosure Spoofing — Actively Exploited
1 min · 0 sources
Comment and Control: How a PR Title Became a C2 Channel and Drained Secrets from Three AI Coding Agents
10 min · 0 sources
The 100 Million Download Backdoor: A Full Post-Mortem of the Axios npm Supply Chain Compromise
8 min · 0 sources
The Metadata Heist: Definitive 2026 Defensive Playbook Against SSRF → IMDS Cloud Credential Theft
13 min · 0 sources
Before the Ransom Demand: The Definitive 2026 Defensive Playbook Against Initial Access Brokers and the Infostealer Pipeline
11 min · 0 sources