Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses
A lesson in how not to respond to vulnerability reports UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…
Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked part of its backend, turning trusted download links into a delivery mechanism for something far less welcome.…
How recycled passwords and poor security habits are fueling a cybercrime gold rush Partner Content If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks — one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.…
Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to its Salesforce instance.…
Your passwords may already be at risk. Partner Content Ever felt that gut punch after losing something important, like your house keys? Now picture those, along with 184 million others, resting in plain sight at the wildest equivalent of Comic-Con for criminals.…
You can find out if your GitHub codebase is leaking keys ... but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.…
Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials At least 900 websites built with Google's Firebase, a cloud database, have been misconfigured, leaving credentials, personal info, and other sensitive data inadvertently exposed to the public internet, according to security researchers.…
Researchers just scratching surface of their understanding of campaign dating back to 2020 Security researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials.…
That passwordless option is looking really good right about now The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company's customers this week.…
Plus: Citrix ASM has some really bad bugs, and more In brief More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found.…
Car manufacturer says bad actors used stolen credentials to break into GM owner accounts Car manufacturer General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts.…