Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
GitHub
90% of exposed secrets on GitHub remain active for at least five days

12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed …

GitHub
GitHub push protection now on by default for public repositories

GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by …

AI
Cybercriminals harness AI for new era of malware development

The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase …

API
Researchers discover exposed API secrets, impacting major tech tokens

Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to …

Trello
Data of 15 million Trello users scraped and offered for sale

Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum. The …

large language models
Top LLM vulnerabilities and how to mitigate the associated risk

As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress …

digital identity
Selective disclosure in the identity wallet: How users share the data that is really needed

Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals …

Progress MOVEit
Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The …

LockBit leaks sensitive data from maximum security fence manufacturer

The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running …

VPN
Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks

Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, …

VirusTotal
VirusTotal leaked data of 5,600 registered users

VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about …

Progress MOVEit
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)

Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web …

Don't miss

Cybersecurity news