Breach explained

A collection of 27 posts

xAI Secret Leak: The Story of a Disclosure

xAI Secret Leak: The Story of a Disclosure

AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain.

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.

The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.

Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

Microsoft AI involuntarily exposed a secret giving access to 38TB of confidential data for 3 years

Discover how an overprovisioned SAS token exposed a massive 38TB trove of private data on GitHub for nearly three years. Learn about the misconfiguration, security risks, and mitigation strategies to protect your sensitive assets.

arrow-down