
incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

status: monitor active
build: 2026-07-04
origin: cremit · seoul, kr
license: CC BY 4.0

© 2026 Cremit. content reuse encouraged with attribution.


Caught packages

Every package the analyzer pipeline classified as auto-published. Sort by weekly downloads to surface the highest-blast-radius cases first.

  • caught total: 1,272 (0 in last 7 days)
  • top by downloads: disposable-email-domains (1.1M/wk)
  • top pattern: reads-env-vars (185 hits)
1 result · indexed 2026-06-07

  • AUTO-PUBLISHED / vscode / 2026-06-02

    BMC-IZOT-UAP-Internship-TE-TEAM-3.static-sla-guardian-performance-impact-agent@65.0.0

    by BMC-IZOT-UAP-Internship-TE-TEAM-3

    Static COBOL analyzer: syntax check, dead code detection, feature extraction, SLA performance prediction, and Validate & Push gate.

    steals → AI API keys → sends to http://44.223.144.244:8000/appserver/integration
    reads-ai-api-keys · http-to-public-ip

    → Credential read (reads-ai-api-keys) paired with http-to-public-ip destination — classic exfiltration signature.

    weekly: — /wk
    llm verdict: malicious 0.95
    h-score: 40
    patterns: 2
    size: 5.4 MB
    versions: 1