Security News

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
2025-04-04 12:28

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back...

Recent GitHub supply chain attack traced to leaked SpotBugs token
2025-04-03 14:46

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?
2025-04-01 11:03

Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases they are simply not enough. Introduction: As per the Open Web...

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
2025-03-15 05:55

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as time-related utilities, but...

Pump.fun X account hacked to promote scam governance token
2025-02-26 16:07

The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake "PUMP" token cryptocurrency scam. [...]

Malicious PyPI package steals Discord auth tokens from devs
2025-01-17 19:16

A malicious package named 'pycord-self' on the Python Package Index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
2025-01-08 18:55

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in the GFI KerioControl firewall product. [...]

Malicious Rspack, Vant packages published using stolen NPM tokens
2024-12-20 17:47

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. [...]

Internet Archive breached again through stolen access tokens
2024-10-20 14:46

The Internet Archive was breached again, this time on its Zendesk email support platform, after repeated warnings that threat actors had stolen exposed GitLab authentication tokens. [...]

X hacking spree fuels "$HACKED" crypto token pump-and-dump
2024-09-18 19:07

An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. [...]