Breach explained

A collection of 27 posts

xAI Secret Leak: The Story of a Disclosure

xAI Secret Leak: The Story of a Disclosure

AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain.

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.

Early Lessons from the Sisense Breach

Early Lessons from the Sisense Breach

Business intelligence company Sisense has seen secrets compromised in its GitLab repositories, leading to a siphoning of its customers' sensitive data.

The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.

The Secret's Out: How Stolen Okta Auth Tokens Led to Cloudflare Breach

The Secret's Out: How Stolen Okta Auth Tokens Led to Cloudflare Breach

Cloudflare experienced a security breach when its internal systems were compromised, leading to unauthorized access to sensitive data. Another incident highlights the importance of maintaining strict secrets security across the supply chain.

arrow-down