#credential-exposure

#api-security
from Techzine Global
1 day ago
Information security

Misused Gemini API key results in sky-high AI costs for startup

A stolen Google Gemini API key resulted in an $82,000 bill for a small startup in two days, revealing significant financial risks when access credentials are compromised.
from The Hacker News
5 days ago
Information security

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Google Cloud API keys designed for billing are being exploited to access Gemini endpoints and private data, with nearly 3,000 exposed keys found embedded in public websites.
Cryptocurrency
from The Register
4 days ago

South Korea's tax office apologizes for password leak

South Korea's National Tax Service accidentally exposed cryptocurrency wallet credentials in public photos, leading to the theft of $4.8 million in digital assets within hours.
from The Register
2 weeks ago

NHS strategy: Write password on whiteboard, hope for best

We've excised the text, but suffice it to say that the whiteboard contains usernames and passwords for system access. It's a change from a Post-it note stuck to the screen, but it's no less likely to make a security professional shriek in horror. After all, not only is the account exposed, but anyone can use it, which renders an access log somewhat redundant.
Information security
Information security
from The Register
2 weeks ago

Password managers don't protect secrets if pwned

Bitwarden, LastPass, and Dashlane can fail to protect credentials under server-compromise scenarios, allowing disclosure or alteration of user passwords.
from The Register
4 weeks ago

AWS intruder pulled off AI-assisted cloud break-in in 8 mins

The Sysdig Threat Research Team said they observed the break-in on November 28, and noted it stood out not only for its speed, but also for the "multiple indicators" suggesting the criminals used large language models to automate most phases of the attack, from reconnaissance and privilege escalation to lateral movement, malicious code writing, and LLMjacking - using a compromised cloud account to access cloud-hosted LLMs.
Information security
Information security
from Techzine Global
1 month ago

Cloudflare vulnerability made every host accessible

A Cloudflare WAF bypass allowed ACME path requests to reach origin servers, exposing credentials and tokens until Cloudflare implemented a permanent fix.
from CyberScoop
3 months ago

Shai-Hulud worm returns stronger and more automated than ever before

The trojanized npm packages, which were first discovered late Sunday by Charlie Eriksen, security researcher at Aikido Security, were uploaded during a three-day period starting Friday and reference a new version of Shai-Hulud, malware that previously infected npm packages in September. The campaign remains active and is compromising additional repositories, while others have been removed. Researchers haven't observed downstream attacks originating from credentials stolen by the malware.
Information security
Information security
from InfoQ
4 months ago

HashiCorp Warns Traditional Secret Scanning Tools Are Falling Behind

Traditional secret scanning tools fail to prevent secret exposure; prevention-first integration across developer tools, CI/CD pipelines, and incident response is required.
Information security
from The Hacker News
4 months ago

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Widespread compromise of SonicWall SSL VPN devices enabled attackers to rapidly access multiple customer environments using valid credentials.
Information security
from The Hacker News
6 months ago

Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Malicious nx and supporting plugins were published to npm, containing code that harvested credentials, scanned file systems, and exfiltrated data to GitHub repositories.
Privacy technologies
from Hackernoon
2 years ago

xonPlus Launches Real-Time Breach Alerting Platform For Enterprise Credential Exposure | HackerNoon

xonPlus launches a digital risk alert system to help teams detect credential exposures in real-time before attackers can exploit them.