Security News

North Koreans clone open source projects to plant backdoors, steal credentials
2025-01-29 23:29

Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing...

Clone2Leak attacks exploit Git flaws to steal credentials
2025-01-27 16:36

A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
2025-01-27 14:17

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access...

Hackers leak configs and VPN credentials for 15,000 FortiGate devices
2025-01-16 02:57

A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical...

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
2025-01-15 15:48

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via...

How initial access brokers (IABs) sell your users’ credentials
2025-01-08 15:04

Initial Access Brokers (IABs) are specialized cybercriminals that break into corporate networks and sell stolen access to other attackers. Learn from Specops Software about how IABs operate and...

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
2024-12-28 06:25

A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856...

HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
2024-12-18 14:10

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure...

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
2024-12-13 20:00

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000...

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
2024-12-12 14:24

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as...