data leak
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, …
How to prevent data leakage in collaboration tools like Slack and Teams
In recent years, collaboration tools have become an absolute necessity for remote and hybrid work. This primarily increased during the COVID-19 pandemic due to the …
Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials. The collection has been …
UN aviation agency investigating possible data breach
The United Nation’s International Civil Aviation Organization (ICAO) confirmed on Monday that it’s “actively investigating reports of a potential information …
Preventing data leakage in low-node/no-code environments
Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While …
Massive troves of Amazon, HSBC employee data leaked
A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP …
Patching problems: The “return” of a Windows Themes spoofing vulnerability
Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes …
Internet Archive data breach, defacement, and DDoS: Users’ data compromised
The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise …
Major data breaches that have rocked organizations in 2024
This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, …
Using Authy? Beware of impending phishing attempts
Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping …
Gitleaks: Open-source solution for detecting secrets in your code
Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million …
361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials …
Featured news
Resources
Don't miss
- Spring clean your security data: The case for cybersecurity data hygiene
- How AI agents could undermine computing infrastructure security
- Protecting your personal information from data brokers
- Report: Fortune 500 employee-linked account exposure
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)