336K Prometheus Instances Exposed to DoS, 'Repojacking'
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
Beyond the devices that use them, Wi-Fi hubs themselves can leak interesting data, thanks to some quirks in Apple's geolocation system.
Researchers found that the private keys and secrets they discovered being exposed within the Docker framework are already being used in the wild.
With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.
API Leak Management software discovers exposed API keys and other secrets, blocks their use, and monitors for abuse, the company says.
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.