Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...

Supply chain attacks feel like they're becoming more and more common.

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

Researchers found thousands of exposed API keys across 10 million webpages, including AWS, Stripe, and OpenAI credentials left vulnerable in public code.

A significant cyber operation exploiting vulnerabilities in improperly configured public websites has been linked to the Nemesis and ShinyHunters hacking groups, exposing sensitive data, including ...

Cybercriminal gangs have exploited vulnerabilities in public websites to steal Amazon Web Services (AWS) cloud credentials and other data from thousands of organizations, in a mass cyber operation ...

Vulnerabilities and misconfiguration in a huge number of public-facing websites allowed the attackers to gain access to sensitive customer data used in AWS services. Terabytes of data belonging to ...