T1552.001 - Credentials In Files - MITRE ATT&CK

Threat entity extracted from intelligence sources

Frequency
30
occurrences
First Seen
February 6, 2026
Last Seen
July 12, 2026

T1552.001 - Credentials In Files is a mitre_attack tracked across 22 threat clusters and 30 intelligence report mentions on ThreatCluster. First observed February 6, 2026; most recent activity July 12, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • jscrambler npm hijack sweeps AI coding tool config keys — Aiweekly.Co · July 12, 2026
  • [SecurityIntel] 24 Jun | Active Exploitation of Cisco CM and Samsung KNOX — Buttondown · June 24, 2026
  • Salesloft Drift OAuth Token Breach Enables Salesforce Data Theft in UNC6395 'Icarus ... — Rescana · June 21, 2026
  • French government messaging platform Tchap breached via hijacked account — Scworld · June 9, 2026
  • Marimo Oss Python Notebook Rce From Disclosure To Exploitation In Under 10 Hours — www.sysdig.com · May 31, 2026
  • Hackers Pivot from marimo RCE to Internal Database Using LLM Agent — Gbhackers · May 28, 2026
  • TrapDoor Attack Targets CLAUDE.md and .cursorrules With Zero — Letsdatascience · May 26, 2026
  • The EURR stablecoin collapses to 0.85 dollars after a hack at StablR — Cointribune · May 24, 2026

CVSS v3.1 Breakdown