Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys

Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…...

tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability

tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens PATs, npm...

Mozilla: two aws access key and secret key and database username and password exposed

A security vulnerability was identified in a Docker image hosted on Docker Hub. The image, associated with Mozilla's Common Voice project, was found to contain exposed AWS access keys, AWS secret keys, and database credentials. These sensitive credentials were discovered within the file...

How to get rid of AWS access keys- Part 1: The easy wins

Learn how to identify unused and unnecessary long-lived IAM User access keys...

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes K8s Role-Based Access Control RBAC to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm...

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of its integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party...

Bucky - An Automatic S3 Bucket Discovery Tool

Bucky is an automatic tool designed to discover S3 bucket misconfiguration, Bucky consists up of two modules Bucky firefox addon and Bucky backend engine. Bucky addon reads the source code of the webpages and uses Regular ExpressionRegex to match the S3 bucket used as Content Delivery NetworkCDN...

Unprotected Server Exposes Weight Watchers Internal IT Infrastructure

A critical server for popular weight-loss service Weight Watchers was left unprotected, allowing researchers to take a bite out of dozens of exposed S3 buckets containing company data and AWS access keys. Researchers at Kromtech Security said that they discovered a Weight Watchers Kubernetes...