Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence AI tool, that was used by an employee at the...

CVE-2021-41077

The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior if .travis.yml has been created locally by a customer, and...

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddys admission that i...

Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI

Summary Default embedded CF CLI in IBM Cloud CLI version prior to 0.20.0 contains a security vulnerability which might expose customer credentials. Vulnerability Details CVEID: CVE-2019-3800 DESCRIPTION: CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret t...

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol SOAP application programming interface API of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...