/incidentsfield log

Catches Campaigns Exfil Patterns LLM Incidents Methodology

↺rss ↗cremit.io

incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

Browse

All incidents
npm supply chain
CI/CD compromise
Methodology

Subscribe

RSS feed
@cremit_io
GitHub

// status

monitor active

// build

2026-05-20

// origin

cremit · seoul, kr

// license

© 2026 Cremit. content reuse encouraged with attribution.

// year

2021 incidents

Every incident with a disclosure date in 2021, sorted by date.

3 incidents indexed

2021-11-04·CRITICAL8.7·confirmed
rc and coa Coordinated npm Account Takeover (2021)
Two long-unmaintained npm packages — rc and coa, with combined weekly downloads in the tens of millions — were hijacked the same day and shipped credential-harvesting payloads matching ua-parser-js.
vector / npm supply chainplatforms / npmread / 5 min
2021-10-22·CRITICAL8.8·confirmed
ua-parser-js npm Account Compromise (2021)
An attacker took over the maintainer account of ua-parser-js — a package with ~7M weekly downloads — and shipped versions containing a credential stealer (Windows) and a cryptominer (Linux).
vector / npm supply chainplatforms / npmread / 5 min
2021-04-15·CRITICAL9.2·confirmed
Codecov Bash Uploader Compromise (2021)
Threat actors modified Codecov's Bash Uploader to exfiltrate environment variables containing tokens, credentials, and keys from CI/CD pipelines across roughly 29,000 affected organizations.
vector / CI/CD compromiseplatforms / Codecov, GitHub, GitLab, +1read / 4 min