‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design."
All of them. Including credentials for sites you won't open this session.
Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way.
Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them.
In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful.
What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext.
In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running.
Microsoft's official response when notified: "by design."
The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
🚨 Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
We’ll continue updating our coverage as more details are confirmed.
https://t.co/G0aakn8swq
🛑 108 Chrome extensions with 20,000 installs were tied to one backend stealing user data.
They captured Google accounts, hijacked Telegram sessions, and injected scripts into every page—while posing as games and utilities.
🔗Read → https://t.co/uX9xvvdWYt
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
@DoorDash_Help Your support staff is a mess. Even after clearly sharing the order date and order number, they are like oh are we talking about the order you placed 3 days back. How is it my fault that the food was spilled twice in 3 days? The delivery image clearly shows it. Terrible experience
@DoorDash_Help This is the second time in a week that everything was spilled out of the containers and I’ve had to throw it out. To make things worse, your support team says they can’t process a refund. Never using @DoorDash again and cancelling the DashPass.
@TMobileHelp I’m not sure how cancelling a line messed up the line permissions on my @TMobile account but I’m not able to access anything from the web portal since then. Your phone tech support isn’t helpful. It has been more than 2 weeks.