Threats Tagged 'webhook-exfiltration'
View all threats tagged with 'webhook-exfiltration'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'webhook-exfiltration'
Click on any threat for detailed analysis and mitigation recommendations
Four published versions of a fake "tanstack" package uploaded in 27 minutes that want to steal your .env files 0 An attacker registered the unscoped 'tanstack' name on npm and published four malicious versions (2.0.4-2.0.7) within 27 minutes on April 29, 2026. These packages contained postinstall hooks that automatically exfiltrated environment files containing sensitive credentials when developers ran npm install. The attacker exploited name confusion with the legitimate @tanstack organization, which publishes widely-used JavaScript libraries. The malicious code targeted .env files, stealing AWS keys, API tokens, database credentials, and OAuth secrets by sending them to an attacker-controlled Svix webhook endpoint. Version 2.0.6 was particularly dangerous, sweeping all .env variants in the working directory. The version history reveals live debugging by the attacker, who iteratively refined the payload targeting and stealth capabilities while the package remained publicly available with approximately 19,830 monthly downloads. Join the discussion | AlienVault OTX General | 05/05/2026, 14:29:39 UTC Added: 05/05/2026, 16:21:40 UTC |
Showing 1 to 1 of 1 result