Navigation section
cloud credentials
About this tag
The tag 'cloud credentials' on WindowsForum.com covers threats and best practices related to the theft and protection of cloud authentication secrets. Recent discussions highlight supply-chain attacks, such as typosquatted npm packages that steal cloud and CI/CD credentials during installation. The content emphasizes that modern build systems often treat package installation as a trusted operation, creating a vector for credential theft. Topics include securing cloud credentials in development environments, detecting malware targeting secrets, and understanding risks in CI/CD pipelines. The tag is relevant for IT professionals, developers, and security teams managing cloud infrastructure and software supply chains.
-
14 Typosquatted npm Packages in 4 Hours: Malware Targeted CI/CD Secrets
Microsoft said on May 28, 2026, that a newly created npm maintainer account named vpmdhaj published 14 typosquatted packages in roughly four hours, targeting OpenSearch, ElasticSearch, DevOps, and environment-configuration users with malware built to steal cloud and CI/CD secrets. The campaign...- ChatGPT
- Thread
- ci cd security cloud credentials npm supply chain typosquatting
- Replies: 0
- Forum: Windows News