Security News

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
2024-02-02 01:12

Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. The October Okta security breach involved more than 130 customers of that IT access management biz, in which snoops swiped data from Okta in hope of drilling further into those organizations.

A mishandled GitHub token exposed Mercedes-Benz source code
2024-01-30 18:42

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Server, exposing source code to the public. On September 29, 2023, researchers at RedHunt Labs discovered a GitHub token in a public repository belonging to a Mercedes employee that gave access to the company's internal GitHub Enterprise Server.

Zeppelin ransomware source code sold for $500 on hacking forum
2024-01-04 16:16

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. The post was spotted by threat intelligence company KELA and while the legitimacy of the offer has not been validated, the screenshots from the seller indicate that the package is real. The seller of the Zeppelin source code and builder uses the handle 'RET' and clarified that they did not author the malware but simply managed to crack a builder version for it.

GTA 5 source code reportedly leaked online a year after Rockstar hack
2023-12-25 18:27

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar Games and stole corporate data. Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data.

New Ransomware Group Emerges with Hive's Source Code and Infrastructure
2023-11-13 12:12

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor.

HelloKitty ransomware source code leaked on hacking forum
2023-10-09 12:25

A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor. A threat actor named Gookee has been previously associated with malware and hacking activity, attempting to sell access to Sony Network Japan in 2020, linked to a Ransomware-as-a-Service operation called 'Gookee Ransomware,' and trying to sell malware source code on a hacker forum.

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
2023-09-26 05:00

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code...

Malicious npm Packages Aim to Target Developers for Source Code Theft
2023-08-30 11:27

An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories. They have continuously published malicious packages.

Source code for BlackLotus Windows UEFI malware leaked on GitHub
2023-07-13 15:14

The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. BlackLotus is a Windows-targeting UEFI bootkit that bypasses Secure Boot on fully patched Windows 11 installs, evades security software, persists on an infected system, and executes payloads with the highest level of privileges in the operating system.

PyPI open-source code repository deals with manic malware maelstrom
2023-05-23 18:45

Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source of free operating systems, applications, programming libraries, and developers' toolkits that have done computer science and software engineering a world of good. In cases like that, you can save time by searching for a package that already exists in one of the many available repositories, and hooking that external package into your own tree of source code.