EmeraldWhale’s Massive Git Breach Highlights Config Gaps
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
Interbank confirms data breach following failed extortion, data leak
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its…
Building Resilience: A Post-Breach Security Strategy for Any Organization
In the wake of a recent breach that compromised sensitive information, a healthcare organization sought my guidance on how to…
Detection Engineering in Post SIEM and SOAR World
A few years back, my security team was tasked to create and maintain a green field environment for FEDRAMP compliance.…
Safeguarding Corporate Secrets: Best Practices and Advanced Solutions
Do you know where all the secrets are? The probable answer to this might be NO and believe me you…
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors…
Cisco takes DevHub portal offline after hacker publishes stolen data
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it…
GitLab warns of critical arbitrary branch pipeline execution flaw
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical…
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend:…
Microsoft overhauls security for publishing Edge extensions
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts…