Breach explained

A collection of 7 posts

How Hackers Used Stolen GitHub Tokens to Access Private Source Code

How Hackers Used Stolen GitHub Tokens to Access Private Source Code

Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue.

Latest from Lapsus$, Reviewing the Microsoft Breach

Latest from Lapsus$, Reviewing the Microsoft Breach

Lapsus$ has continued its prolific pace of breaches now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl.

Samsung and Nvidia are the latest companies to involuntarily go open-source leaking company secrets

Samsung and Nvidia are the latest companies to involuntarily go open-source leaking company secrets

Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology has been published online by The Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak

While most of the attention has been on streamers’ revenues, our 6000 Git repositories study shows a much more serious problem that extends far beyond just this single breach.

Codecov supply chain breach - explained step by step

Codecov supply chain breach - explained step by step

Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.

Analyzing how hackers breached the Indian government - play by play

Analyzing how hackers breached the Indian government - play by play

The Indian government was breached in a significant attack launched by a white hat hacking group Sakura Samurai leading to a 34 page vulnerability report. Today we will analyze the attack play by play.

Reviewing the 2021 United Nations data breach

Reviewing the 2021 United Nations data breach

The ethical hacking group Sakura Samurai recently gained access to private United Nations (UN) employee data and systems in a significant data breach.

arrow-down