/incidentsfield log

Catches Campaigns Exfil Patterns LLM Incidents Methodology

↺rss ↗cremit.io

incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

Browse

All incidents
npm supply chain
CI/CD compromise
Methodology

Subscribe

RSS feed
@cremit_io
GitHub

// status

monitor active

// build

2026-05-20

// origin

cremit · seoul, kr

// license

© 2026 Cremit. content reuse encouraged with attribution.

home/token-types/oauth-token-generic

// token type

OAuth Token (generic) leaks

Indexed incidents that exposed OAuth Token (generic). Sorted by disclosure date.

3 incidents indexed

2026-05-12·CRITICAL9.5·confirmed
Mini Shai-Hulud npm Worm: TanStack, UiPath, Mistral AI and 169 Packages Compromised (May 2026)
npm worm hit 373 versions across 169 packages (@tanstack, @squawk, @uipath, mistralai) via trusted-publishing OIDC abuse and a prepare-script git dep that exfiltrates cloud and registry secrets at install.
vector / npm supply chainplatforms / npm, GitHub, AWSread / 10 min
2026-04-19·HIGH7.8·confirmed
Vercel Context.ai Incident: Environment Variables Accessed via Compromised AI Tool (2026)
A third-party AI tool used by a Vercel employee was compromised, leading to Google Workspace takeover and access to non-sensitive environment variables in a subset of customer projects.
vector / Third-party AI tool compromiseplatforms / Vercelread / 3 min
2023-01-04·CRITICAL8.6·confirmed
CircleCI Session Token Breach (2023)
Malware on a CircleCI engineer's laptop stole a 2FA-backed session token, giving the attacker production access to customer environment variables and any secrets stored in CircleCI.
vector / CI/CD compromiseplatforms / CircleCI, GitHub, AWSread / 3 min