credentials
74,000 Fortinet firewall credentials exposed in FortiBleed data leak
A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The …
Microsoft Entra pushes passkeys, tightens identity security
Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero …
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server …
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up …
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach …
Over 70% of organizations hit by identity breaches
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security …
Your coworker might be selling company logins, and thinks it’s fine
Employee behavior once considered unacceptable is becoming tolerated across various industries, particularly in IT and telecommunications, and at all levels of seniority, …
Google brings instant email verification to Android, no OTP needed
Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API …
29 million leaked secrets in 2025: Why AI agents credentials are out of control
AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of …
To counter cookie theft, Chrome ships device-bound session credentials
Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled …
AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure
Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded …
LeakBase cybercrime forum with 142,000 users taken down in global operation
LeakBase, an open-web cybercrime forum facilitating the trade of leaked databases and “stealer logs” containing stolen credentials, has been taken down in an international law …
Featured news
Resources
Don't miss
- JSP webshells being dropped on unpatched PTC Windchill instances
- Mozilla warns of indirect prompt injection risk in AI coding agents
- DarkMoon: Open-source AI pentesting platform
- Sycophantic chatbots and the harms that build over many chats
- Companies keep bolting AI onto their products, and the security bill is coming due