Thousands of Publicly Exposed API Tokens Could Threaten Software Integrity
JFrog scanned over eight million artifacts in the most common open-source software registries
Stay informed on the latest exposure risks in information security. Expert analysis, breach updates, and data leak prevention tips. Stay secure!
Search across headline titles and summaries.
Background for this topic.
Exposure is the condition in which a system, service, credential, vulnerability, or sensitive information is accessible or discoverable by people or systems that should not reach it. In threat modeling, it describes an attack surface or loss of control—not proof that an attacker has succeeded. Examples include an internet-facing administration interface, cloud storage with unintended permissions, a secret committed to source code, or personal data sent to an unintended recipient. Its significance depends on what is exposed, who can reach it, and which protections remain.
The primary defense is exposure reduction: maintain an accurate asset inventory, remove unnecessary public access, enforce least-privilege permissions and strong authentication, patch externally reachable software, and revoke leaked credentials or secrets. Encryption can limit the value of exposed data, but does not correct an exposed access path. Continuous scanning and log review help identify changes and support rapid containment when exposure is discovered.
JFrog scanned over eight million artifacts in the most common open-source software registries
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication
Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them.
SOCRadar says sensitive information from 150,000 companies was exposed but Redmond disputes findings Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.…
The data exposure was the result of an "unintentional misconfiguration on an endpoint" and not a security vulnerability, Microsoft said.
Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. [...]
Microsoft said today that some prospective customers' data was exposed by a misconfigured Microsoft server accessible over the Internet [...]
When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans -- those receiving food assistance benefits via state-issued prepaid debit cards -- are particularly exposed to losses from skimming scams, and usually have little recourse to do anything about it.
Verizon warned prepaid customers that attackers gained access to an undisclosed number of Verizon accounts and used exposed credit card info in SIM swapping attacks. [...]
Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. [...]