Nokia says hackers leaked third-party app source code
Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs…
Nokia investigates breach after hacker claims to steal source code
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source…
Bitbucket artifact files can leak plaintext authentication secrets
Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. [...]
Atlassian patches critical RCE flaws across multiple products
Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with…
StripedFly malware framework infects 1 million Windows, Linux hosts
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a…
Ransomware access brokers use Google ads to breach your network
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords,…
Secrets Rotation Recommended After CircleCI Security Incident
Companies are being urged to update OAuth, runner, and project API tokens, along with other secrets stashed with CircleCI.
CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session
Hackers breached CircleCI in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing…
PurpleUrchin Gang Embraces DevOps in Massive Cloud Malware Campaign
The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial…
Atlassian fixes critical command injection bug in Bitbucket Server
Atlassian has released updates to address critical-severity vulnerabilities in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket…