Security News

Malicious Rspack, Vant packages published using stolen NPM tokens
2024-12-20 17:47

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. [...]

Internet Archive breached again through stolen access tokens
2024-10-20 14:46

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]

X hacking spree fuels "$HACKED" crypto token pump-and-dump
2024-09-18 19:07

An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. [...]

GitHub Actions artifacts found leaking auth tokens in popular projects
2024-08-14 20:19

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD...

Leaked GitHub Python Token
2024-08-02 11:01

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation. The implications of someone finding this leaked token could be extremely severe.

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks
2024-07-15 16:18

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, the Python Package Index, and the Python Software Foundation. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
2024-06-11 18:59

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment apps and exposes GitHub access tokens. "In particular, malicious content as part of a pull request to a GitHub project which would be handled by IntelliJ-based IDEs, would expose access tokens to a third-party host."

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)
2024-06-11 12:33

JetBrains has fixed a critical vulnerability that could expose users of its integrated development environments to GitHub access token compromise. CVE-2024-37051 is a vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform, and affects all IntelliJ-based IDEs from version 2023.1 onwards in which the plugin is enabled and configured for use.

New York Times source code stolen using exposed GitHub token
2024-06-08 17:10

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. "Basically all source code belonging to The New York Times Company, 270GB," reads the 4chan forum post.

AI platform Hugging Face says hackers stole auth tokens from Spaces
2024-06-02 20:56

AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. Hugging Face Spaces is a repository of AI apps created and submitted by the community's users, allowing other members to demo them.