Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. [...]
Company Says No Evidence So Far That Version Release or Distribution AffectedTrellix disclosed over the weekend that hackers found their way to its source code repository. The company said that investigation so far turned up "no evidence that our source code release or distribution process was affected, or that our source code has been exploited."
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. [...]
F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. [...]
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors
Russian Foreign Intelligence Service Hack Gets Worse for Computing GiantA Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators. Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems."
Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. [...]
Computing Giant Says Hackers Did Not Access Customer Data or Production SystemsRussian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
Computing Giant Says Hackers Did Not Access Customer Data or Production SystemsRussian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it's worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.
Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems
Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS)
File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub