// about

Why this exists.

Most public security feeds cover everything: ransomware, zero-days, breaches, extortion, geopolitics. The signal we care about — Non-Human Identity (NHI) credential leaks — gets buried in the noise.

incidents.cremit.io is a narrow-focus, reference-grade index of token and credential leak incidents. Every entry is sourced from primary disclosures, classified by attack vector and affected platform, scored against the Cremit NHI Severity Index, and mapped to the NHI Kill Chain stages where applicable.

The site is operated by Cremit, a Seoul-based security company building the leak detection and lifecycle management platform for machine identities. We started this index because our own research and customer work kept hitting the same problem: there was no stable, citable record of past NHI incidents to point to. So we made one.

What we cover

  • API token, credential, and secret exposure events
  • npm, PyPI, and other package ecosystem supply chain attacks
  • CI/CD platform compromises (CircleCI, Codecov, GitHub Actions, etc.)
  • OAuth abuse and third-party AI tool compromise paths
  • Public repository leaks at meaningful scale

What we don't cover

  • Generic ransomware or extortion stories without an NHI angle
  • Speculative breach claims without ≥2 reputable sources
  • Working exploit code or proof-of-concept payloads
  • Anything paywalled or single-sourced without explicit disclosure

Standards

See methodology for the full collection, verification, and scoring rubric. All content is licensed under CC BY 4.0 — cite freely.