Skip to main content

Tag: credential compromise

5 articles

Server racks in a brightly-lit data center with a single blurred-out laptop in the foreground.

Azure CLI Hit by Massive Password Spray Attack Targeting 78 Accounts

In a staggering display of cyber aggression, a threat actor launched a massive password spray attack on Microsoft's Azure CLI, racking up over 81 million login attempts and breaching at least 78 accounts across 64 organizations in just two weeks. The relentless campaign, which unfolded between June 12 and June 26, successfully compromised accounts at an alarming rate of two to four per day, with some days seeing spikes of up to 30 breaches.

Analyst 207
Server room with equipment racks, cables, and blurred monitors.

Klue OAuth Breach Expands as Icarus Hackers Claim Multiple Victims

Klue's CEO Jason Smith revealed that on June 12, unauthorized activity was detected in their integration infrastructure, prompting a thorough investigation with cybersecurity experts to understand the breach and support affected customers. The incident allowed hackers to steal OAuth tokens through a compromised legacy credential, impacting connections to third-party platforms like Salesforce.

Analyst 207
Cluttered developer workstation with laptop and papers, symbolizing a coding environment.

Grafana Labs Hit by GitHub Breach, Code Stolen in Ransom Demand

Grafana Labs sprang into action after a security breach at GitHub compromised its code, swiftly invalidating leaked credentials and bolstering defenses to prevent further unauthorized access. The company quickly responded to the breach, taking crucial steps to safeguard its environment.

Analyst 207
Security practitioners overlook threats on a large computer screen in a brightly-lit cloud data center.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management

Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

Analyst 207
Cluttered developer workstation with laptop, coding tools, and notebook in a bright, neutral office space.

Cursor Flaw Exposes Developer API Keys to Unrestricted Access

A single design flaw in the AI-powered development tool Cursor has been found to expose developer API keys to unrestricted access, earning a high-severity CVSS score of 8.2. This vulnerability stems from Cursor's weak storage design, which stores sensitive authentication data in a locally accessible SQLite database without proper protection.

Analyst 207