Injective SDK on npm infected with cryptocurrency wallet stealer Data Breaches Bleeping Computer
Bleeping Computer Jul 10, 2026 1 min read

Injective SDK on npm infected with cryptocurrency wallet stealer

Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]

Lawmakers Demand Answers as CISA Tries to Contain Data Leak Data Breaches Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data Data Breaches The Hacker News
The Hacker News Jul 10, 2026 1 min read

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones

The Verification Step Is the New ATO Battleground in 2026 Data Breaches The Hacker News
The Hacker News Jul 10, 2026 1 min read

The Verification Step Is the New ATO Battleground in 2026

For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is ending. Not because attackers gave up, but because the front door finally got harder to kick in. Passkeys are now mainstream.

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Data Breaches The Hacker News
The Hacker News Jul 10, 2026 1 min read

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was