Breach explained

A collection of 28 posts

The Nx "s1ngularity" Attack: Inside the Credential Leak

The Nx "s1ngularity" Attack: Inside the Credential Leak

On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller scope of exposure.

xAI Secret Leak: The Story of a Disclosure

xAI Secret Leak: The Story of a Disclosure

AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain.

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.

The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.

The Secret's Out: How Stolen Okta Auth Tokens Led to Cloudflare Breach

The Secret's Out: How Stolen Okta Auth Tokens Led to Cloudflare Breach

Cloudflare experienced a security breach when its internal systems were compromised, leading to unauthorized access to sensitive data. Another incident highlights the importance of maintaining strict secrets security across the supply chain.

Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

Discover how an overprovisioned SAS token exposed a massive 38TB trove of private data on GitHub for nearly three years. Learn about the misconfiguration, security risks, and mitigation strategies to protect your sensitive assets.

arrow-down