A global large-scale operation dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.
AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.
Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects.
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days.
Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack.
A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.
Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.
A new Python-based credential harvester and SMTP hijacking tool named 'Legion' is being sold on Telegram, allowing cybercriminals to automate attacks against online email services.
GitHub has rotated its private SSH key for GitHub.com after the secret was accidentally published in a public GitHub repository. The software development and version control service says the private RSA key was only "briefly" exposed, but that it took action out of "an abundance of caution."
GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.
GitHub has updated the AI model of Copilot, a programming assistant that generates real-time source code and function recommendations in Visual Studio, and says it's now safer and more powerful.
GitHub is rolling out support for the free scanning of exposed secrets (such as credentials and auth tokens) to all public repositories on its code hosting platform.
Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors.
A new open-source tool, 'S3crets Scanner', allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company-owned Amazon AWS S3 storage buckets.