Tag GitHub

Coinbase Targeted in GitHub Actions Supply Chain Attack; Secrets Exposed from 218 Repositories’ CI/CD Pipelines

Supply Chain Attack Targets GitHub Action, Compromising Sensitive Data A recent supply chain attack has raised significant cybersecurity concerns, particularly for businesses relying on open-source projects. This incident originated from the GitHub Action “tj-actions/changed-files,” which was initially directed at one of Coinbase’s open-source initiatives but subsequently expanded in scale. According…

Read MoreCoinbase Targeted in GitHub Actions Supply Chain Attack; Secrets Exposed from 218 Repositories’ CI/CD Pipelines

5 Ongoing Malware Campaigns in Q1 2025

The cybersecurity landscape has experienced notable turbulence in the first quarter of 2025, marked by intensifying attacks from cybercriminals employing innovative methods to breach defenses. This report highlights significant malware families and their corresponding analyses within controlled environments. One of the prominent threats this quarter is the NetSupport Remote Access…

Read More5 Ongoing Malware Campaigns in Q1 2025

Weekly Update: Findings from the Salesloft Drift Breach Investigation and Threats from Malicious GitHub Desktop Installers

In the realm of cybersecurity, last week’s developments showcased a significant range of incidents and insights. These events reflect the evolving landscape of cyber threats and the pressing need for vigilance among businesses and professionals. A critical incident involved Salesloft Drift, where attackers gained unauthorized access through the company’s GitHub…

Read MoreWeekly Update: Findings from the Salesloft Drift Breach Investigation and Threats from Malicious GitHub Desktop Installers

Hackers Access Okta’s GitHub Repositories and Exfiltrate Source Code

Okta, a pivotal player in identity and access management, reported an unauthorized access event involving its source code repositories earlier this month. The incident, which was disclosed on Wednesday, raises substantial concerns about the security practices surrounding sensitive organizational code. According to an official statement, Okta reassured stakeholders that “there…

Read MoreHackers Access Okta’s GitHub Repositories and Exfiltrate Source Code

Over 12,000 API Keys and Passwords Discovered in Public Datasets for LLM Training

A recent investigation has uncovered alarming findings regarding a dataset utilized for training large language models (LLMs). This dataset reportedly contains close to 12,000 live secrets, including credentials capable of authenticating access to various services. This discovery raises significant concerns about the risks associated with hard-coded credentials. Organizations face heightened…

Read MoreOver 12,000 API Keys and Passwords Discovered in Public Datasets for LLM Training

Hackers Breach 18 NPM Packages in Supply Chain Attack

Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…

Read MoreHackers Breach 18 NPM Packages in Supply Chain Attack

Microsoft Acknowledges EncryptHub, the Hacker Connected to Over 618 Breaches, for Revealing Windows Vulnerabilities

Microsoft recently acknowledged an individual operating under the EncryptHub alias for uncovering and reporting two significant security vulnerabilities in Windows. This acknowledgment depicts a complex profile of a person straddling a legitimate cybersecurity career while engaging in cybercriminal activities. According to a detailed analysis by Outpost24 KrakenLabs, the individual behind…

Read MoreMicrosoft Acknowledges EncryptHub, the Hacker Connected to Over 618 Breaches, for Revealing Windows Vulnerabilities

Amazon EC2 SSM Agent Vulnerability Fixed After Path Traversal Leads to Privilege Escalation

Recent findings by cybersecurity experts have unveiled a significant vulnerability within the Amazon EC2 Simple Systems Manager (SSM) Agent, a flaw that has since been patched. Should it have been exploited by malicious actors, the vulnerability could have led to unauthorized privilege escalation and code execution on affected systems. The…

Read MoreAmazon EC2 SSM Agent Vulnerability Fixed After Path Traversal Leads to Privilege Escalation