data leak
90% of exposed secrets on GitHub remain active for at least five days
12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed …
GitHub push protection now on by default for public repositories
GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by …
Cybercriminals harness AI for new era of malware development
The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase …
Researchers discover exposed API secrets, impacting major tech tokens
Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to …
Data of 15 million Trello users scraped and offered for sale
Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum. The …
Top LLM vulnerabilities and how to mitigate the associated risk
As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress …
Selective disclosure in the identity wallet: How users share the data that is really needed
Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals …
Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations
The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The …
LockBit leaks sensitive data from maximum security fence manufacturer
The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running …
Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, …
VirusTotal leaked data of 5,600 registered users
VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about …
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)
Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web …