hxxps://webhook[.]site/49c21843-c27c-4a1b-b1f6-037c3998055f

Posts referencing this indicator

• Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI

  Exfiltration endpoint used to receive stolen credentials and environment variables.

  2026-05-13