Security News

Hackers ramp up scans for leaked Git tokens and secrets
2025-04-29 19:02

Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code...

Blue Shield of California leaked health data of 4.7 million members to Google
2025-04-23 15:38

Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. [...]

Recent GitHub supply chain attack traced to leaked SpotBugs token
2025-04-03 14:46

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

GitHub expands security tools after 39 million secrets leaked in 2024
2025-04-02 18:24

Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. [...]

70% of leaked secrets remain active two years later
2025-03-20 05:00

Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication...

Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
2025-03-19 13:50

The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak,...

Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts
2025-02-26 13:54

More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and...

Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
2025-02-07 11:01

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their...

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
2025-01-30 10:09

Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed...

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked
2025-01-19 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger...