Early Lessons from the Sisense Breach
Business intelligence company Sisense has seen secrets compromised in its GitLab repositories, leading to a siphoning of its customers' sensitive data.
The Open-Source Backdoor That Almost Compromised SSH
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.
Misconfigurations in Google Firebase lead to over 19.8 million leaked secrets
Read our summary of research that found millions of records that exposed user passwords due to misconfigured or missing security settings.
Nation-state hackers access Microsoft source code and steal secrets
Microsoft has been experienced a sustained attack by Russian-backed nation-state attacker Midnight Blizzard (also known as NOBELIUM). This blog examines all we know so far
The Secret's Out: How Stolen Okta Auth Tokens Led to Cloudflare Breach
Cloudflare experienced a security breach when its internal systems were compromised, leading to unauthorized access to sensitive data. Another incident highlights the importance of maintaining strict secrets security across the supply chain.
Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.
Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years
Discover how an overprovisioned SAS token exposed a massive 38TB trove of private data on GitHub for nearly three years. Learn about the misconfiguration, security risks, and mitigation strategies to protect your sensitive assets.
Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are
In today's digital landscape, the issue of compromised credentials has become a major concern. Discover how renowned companies like Microsoft, VMware, and Sourcegraph were recently confronted with the threats of secrets sprawling.
Researcher finds GitHub admin credentials of car company thanks to misconfiguration
Take a closer look at a security researcher's tale of hacking a car company via their bug bounty program. Learn how to better protect your apps and your org.
Protect Your Keys - Lessons from the Azure Key Breach
Learn how to better protect your organization from attacks by looking at how attackers compromised a Microsoft signing key. Secure your keys and actively monitor code and logs.
Twitter’s leak illustrates why source code should never be sensitive
Twitter's source code was recently leaked publicly on a GitHub repository. This blog post looks at exactly what happened and what security consequences could stem from this leak.
GitHub Exposed A Private SSH Key: What You Need To Know
Everyone has secrets leakage incidents from time to time, even massive players like GitHub. This is a good reminder we all need to stay vigilant and embrace the right tools to help us stay safe.
