incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

// status: monitor active
// build: 2026-07-04
// origin: cremit · seoul, kr
// license: CC BY 4.0

© 2026 Cremit. content reuse encouraged with attribution.

campaigns/owner-change wave

active

refire #192
members: 0
combined blast: —
last alerted: 2026-06-06
fire count: 192
first alerted: 2026-05-19

// members

Every caught package that currently matches this cluster's axis, replayed live over the last 7 days. Snippets show where the cluster identifier appears in the package's static excerpt or which takeover heuristic fired.

// publishers in this wave

Same wave, split by the publisher who pushed each malicious version. Corporate ownership transfers (one bot pumping several scoped names) look different from real dormant takeovers (many unrelated dormant maintainers tripping in parallel) — the split makes the shape visible.
