A significant cybersecurity breach has been reported, involving the theft of over 390,000 WordPress credentials through a malicious GitHub repository. This yearlong supply-chain attack specifically targeted security professionals, including experienced researchers and penetration testers. The compromised repository was disguised as a benign publishing tool, leading to the exfiltration of sensitive credentials. The incident highlights ongoing vulnerabilities in the cybersecurity landscape, particularly for those tasked with safeguarding digital environments.