Twitter’s leak illustrates why source code should never be sensitive
Twitter's source code was recently leaked publicly on a GitHub repository. This blog post looks at exactly what happened and what security consequences could stem from this leak.
GitHub Exposed A Private SSH Key: What You Need To Know
Everyone has secrets leakage incidents from time to time, even massive players like GitHub. This is a good reminder we all need to stay vigilant and embrace the right tools to help us stay safe.
Dropbox Suffers Data Breach From Phishing Attack, Exposing Customer and Employee Emails
Dropbox has confirmed they suffered a data breach involving a bad actor gaining access to credentials, data, and other secrets inside their internal GitHub code repositories.
Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub
On October 7th, Toyota revealed a partial copy of their T-Connect source code had been accidentally exposed for 5 years, including access to data for over 290,000 customers.
Uber Breach 2022 – Everything You Need to Know
On Thursday, September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is an evolving situation, but we will bring you here the latest information and commentary as we get it.
Thinking Like a Hacker: AWS Keys in Private Repos
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Second case: an AWS secret is found in a private repository.
How Hackers Used Stolen GitHub Tokens to Access Private Source Code
Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue.
Latest from Lapsus$, Reviewing the Microsoft Breach
Lapsus$ has continued its prolific pace of breaches now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl.
Samsung and Nvidia are the latest companies to involuntarily go open-source leaking company secrets
Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology has been published online by The Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few
Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak
While most of the attention has been on streamers’ revenues, our 6000 Git repositories study shows a much more serious problem that extends far beyond just this single breach.
Codecov supply chain breach - explained step by step
Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.
Analyzing how hackers breached the Indian government - play by play
The Indian government was breached in a significant attack launched by a white hat hacking group Sakura Samurai leading to a 34 page vulnerability report. Today we will analyze the attack play by play.
Reviewing the 2021 United Nations data breach
The ethical hacking group Sakura Samurai recently gained access to private United Nations (UN) employee data and systems in a significant data breach.
