Tag: credential exposure
15 articles

CISA Exposes Lessons from AWS GovCloud Key Incident Response
When a security researcher uncovered exposed credentials in a public GitHub repository, CISA sprang into action, swiftly mitigating any potential exposure to its cloud resources and code repositories. Thanks to the researcher's sharp eyes and KrebsOnSecurity's reporting, CISA was able to respond quickly and contain the incident.

KDDI Breach Exposes 14.2 Million Email Credentials
A massive data breach at KDDI has potentially exposed a staggering 14.2 million email addresses and passwords, putting countless users at risk of cyber threats. The breach was detected on June 17, and although KDDI quickly took action to prevent further intrusion, the full extent of the incident is still under investigation.

Phishers Target Midterm Elections With 5K+ Domain Registrations
Scammers are ramping up their efforts to deceive voters with over 5,000 election-themed domains registered in just two months, providing a fertile ground for phishing, impersonation, and misinformation campaigns to manipulate the midterm elections. This alarming surge in domain registrations has already exposed around 17,000 credentials linked to sensitive organizations and services.

CISA Breach Exposes Sensitive Government Systems
A shocking security lapse at CISA exposed highly sensitive government systems, thanks to a contractor's careless mistake of leaving credentials to privileged AWS GovCloud accounts and internal systems publicly available on GitHub. The error granted unfettered access to a vast array of agency infrastructure, putting national security at risk.

Identity Exposures Form Highways for Cyber Attacks
A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying with it a multitude of permissions just waiting to be exploited.

CISA Contractor Exposes AWS GovCloud Keys in GitHub Leak
A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) made a critical mistake by exposing sensitive AWS GovCloud keys, plaintext passwords, and internal files in a public GitHub repository. The leak, described as one of the worst ever witnessed, included highly privileged credentials and build artifacts for numerous internal CISA systems.

Lovable Disputes Data Leak, Shifts Blame to HackerOne
Lovable, a coding platform, is facing scrutiny after a security researcher uncovered a major data leak, exposing users' sensitive information, including credentials, chat history, and source code, to anyone with a free account. The company's shifting explanations have only added fuel to the fire, sparking concerns about its data handling practices.

Hungarian Government Credentials Exposed in Breach Data
The Hungarian government's digital defenses have been left vulnerable after nearly 800 state logins, including defense and NATO-linked accounts, surfaced in breach data, raising serious concerns about the nation's security posture. One alarming example? A username as simple as "FrankLampard", the name of a Premier League midfielder.

Vulnerabilities Exposed in Amazon Bedrock AgentCore Sandbox
Security researchers at Unit 42 have uncovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, revealing that a protective layer meant to separate code and services can be breached using DNS tunneling, exposing sensitive credentials in the process. This alarming discovery highlights the potential risks of slipping through the cracks of a supposedly secure system.

Alarming API Leak Exposes Global Bank's Cloud Credentials
A recent study has uncovered a shocking security risk, revealing that hundreds of valid API keys - essentially digital master keys - have been left exposed on the web, putting sensitive information at risk. This alarming API leak highlights the urgent need for stronger API security measures to protect our data.

Ni8mare Stunning Dangerous Bug Hijacks n8n Servers
Imagine the tool you trust to automate workflows becoming a master key for attackers — Ni8mare is a high‑risk flaw in the n8n automation platform that can let adversaries seize servers, steal secrets, and hijack your integrations. If you run internet‑exposed or self‑hosted n8n, patch now and audit for any lingering compromise.

Passwd: Exclusive Best Google Workspace Password Tips
If your companys digital keys were leaked tomorrow, could you recover fast? Passwd is a business-first password vault for Google Workspace that secures shared credentials, enforces access controls and automates rotations so teams can stop credential-stuffing attacks without slowing down work.

AI Browsers Exclusive: Security Leaders Call Risky
Before you roll out agentic browsers, pause—security leaders warn these AI-powered tools can trade productivity for stealthy new attack surfaces. With embedded models, persistent state and plugins able to act for users, CISOs are being urged to block or tightly control them until hardened safeguards arrive.

SonicWall Exclusive Damaging State-Sponsored Cloud Breach
Imagine handing someone the wiring diagram to your house—now replace the house with your network: SonicWall says a state-sponsored actor used an API to access cloud-stored firewall configuration backups, exposing admin credentials, VPN keys and network blueprints that could let attackers slip past defenses.

Managed Identities: Must-Have Fix to Risky Static Secrets
Imagine never leaving API keys on sticky notes again. Managed identities give workloads platform‑issued, short‑lived tokens that slash exposure windows, simplify operations, and force attackers onto harder, noisier paths.