The Breach News

PipeMagic Trojan Leverages Windows Zero-Day Flaw to Launch Ransomware Attacks

Microsoft has disclosed that a recently patched security vulnerability within the Windows Common Log File System (CLFS) was actively exploited as a zero-day in targeted ransomware attacks against several entities. This flaw, identified as CVE-2025-29824, was employed to escalate privileges, thus granting attackers SYSTEM-level access. The affected organizations span multiple…

Read MorePipeMagic Trojan Leverages Windows Zero-Day Flaw to Launch Ransomware Attacks

Your Account Security is at Stake: Reset Your Password Now!

Redazione RHC : 30 August 2025 10:39 On August 30, 2025, Google issued a critical security advisory concerning its popular Gmail service, impacting approximately 2.5 billion users globally. This alert follows a significant data breach involving a third-party Salesforce-based application utilized by the company, prompting heightened vigilance among users to enhance account…

Read MoreYour Account Security is at Stake: Reset Your Password Now!

ASUS Addresses Remote Code Execution Vulnerabilities in DriverHub Exploitable via HTTP and Custom .ini Files

ASUS has announced critical updates to mitigate two significant security vulnerabilities found in ASUS DriverHub. These flaws, if successfully exploited, could allow an attacker to achieve remote code execution, putting users at considerable risk. DriverHub is a utility designed to automatically identify a computer’s motherboard model and facilitate the installation…

Read MoreASUS Addresses Remote Code Execution Vulnerabilities in DriverHub Exploitable via HTTP and Custom .ini Files

North Korean APT43 Group Exploits Cybercrime to Finance Espionage Activities

A newly identified North Korean cyber operator has been linked to multiple campaigns aimed at gathering intelligence strategically aligned with Pyongyang’s geopolitical goals. Since 2018, this group, tracked by Google-affiliated Mandiant as APT43, has pursued both espionage and financial gain, employing techniques such as credential harvesting and social engineering to…

Read MoreNorth Korean APT43 Group Exploits Cybercrime to Finance Espionage Activities

Pentagon Investigates Microsoft’s Employment of Chinese Coders

Cloud Security, Government, Industry Specific U.S. Defense Department Halts and Reviews Microsoft’s ‘Digital Escorts’ Program Chris Riotta (@chrisriotta) • August 29, 2025 Image: Austin Nooe/Shutterstock The U.S. Department of Defense (DoD) has launched a review of Microsoft’s employment of Chinese nationals to assist in coding for military cloud infrastructure. This…

Read MorePentagon Investigates Microsoft’s Employment of Chinese Coders

Whistleblower’s Resignation Email at SSA Mysteriously Vanishes from Inboxes

On Friday, Chuck Borges, the chief data officer of the Social Security Administration (SSA), reported that he was forcibly removed from his position after submitting a whistleblower complaint. This complaint alleged serious mishandling of sensitive data within the agency. According to multiple SSA sources, this email was shortly retracted from…

Read MoreWhistleblower’s Resignation Email at SSA Mysteriously Vanishes from Inboxes

The Alarming Rise of Non-Human Identities: A New Frontier in Security Vulnerabilities

Apr 09, 2025
Secrets Management / DevOps

The 2025 GitGuardian State of Secrets Sprawl report highlights the critical issue of secrets exposure in contemporary software environments. A key driver of this concern is the explosive growth of non-human identities (NHIs), which have consistently outnumbered human users for several years. It’s imperative that we proactively implement security measures and governance for these machine identities, as their ongoing deployment poses unprecedented security risks.

In 2024 alone, a staggering 23.77 million new secrets were leaked on GitHub—a 25% increase from the previous year. This dramatic surge underscores how the rapid proliferation of NHIs, including service accounts, microservices, and AI agents, is significantly expanding the attack surface for cyber threats.

The NHI Security Challenge

Within DevOps environments, non-human identity secrets, such as API keys and service accounts, now surpass human identities by a ratio of at least 45-to-1, fundamentally altering the security landscape.

Surge in Non-Human Identities Uncovers Significant Security Risks April 9, 2025 In a striking revelation, GitGuardian’s 2025 State of Secrets Sprawl report has illuminated the concerning growth of secrets exposure within contemporary software landscapes. Central to this issue is the rapid proliferation of non-human identities (NHIs), which have increasingly outstripped…

Read More

The Alarming Rise of Non-Human Identities: A New Frontier in Security Vulnerabilities

Apr 09, 2025
Secrets Management / DevOps

The 2025 GitGuardian State of Secrets Sprawl report highlights the critical issue of secrets exposure in contemporary software environments. A key driver of this concern is the explosive growth of non-human identities (NHIs), which have consistently outnumbered human users for several years. It’s imperative that we proactively implement security measures and governance for these machine identities, as their ongoing deployment poses unprecedented security risks.

In 2024 alone, a staggering 23.77 million new secrets were leaked on GitHub—a 25% increase from the previous year. This dramatic surge underscores how the rapid proliferation of NHIs, including service accounts, microservices, and AI agents, is significantly expanding the attack surface for cyber threats.

The NHI Security Challenge

Within DevOps environments, non-human identity secrets, such as API keys and service accounts, now surpass human identities by a ratio of at least 45-to-1, fundamentally altering the security landscape.

Google Gmail Data Breach: Identifying a Hack and What Steps to Take – MSN

Google Gmail Data Breach: Indicators of a Security Compromise and Recommended Actions In a recent cybersecurity incident, Google Gmail accounts have been targeted in a significant data breach, raising alarms for users and businesses alike. The breach potentially affects a wide range of users, particularly those reliant on Gmail for…

Read MoreGoogle Gmail Data Breach: Identifying a Hack and What Steps to Take – MSN