Security News

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

2025-03-15 05:55

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but...

#cloud #token

Pump.fun X account hacked to promote scam governance token

2025-02-26 16:07

The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake "PUMP" token cryptocurrency scam. [...]

#hacked #scam #token

Malicious PyPi package steals Discord auth tokens from devs

2025-01-17 19:16

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]

#devs #token

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

2025-01-08 18:55

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. [...]

#csrf #exploit #firewall #hacker #token #CVE-2024-52875

Malicious Rspack, Vant packages published using stolen NPM tokens

2024-12-20 17:47

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. [...]

#NPM #token

Internet Archive breached again through stolen access tokens

2024-10-20 14:46

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]

#internet #token

X hacking spree fuels "$HACKED" crypto token pump-and-dump

2024-09-18 19:07

An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. [...]

#crypto #hacked #hacking #token

GitHub Actions artifacts found leaking auth tokens in popular projects

2024-08-14 20:19

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD...

#github #token

Leaked GitHub Python Token

2024-08-02 11:01

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation. The implications of someone finding this leaked token could be extremely severe.

#github #leaked #python #token

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

2024-07-15 16:18

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.

#attack #github #leak #python #token

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News