Microsoft’s Zero-Day Disclosure Backlash: Did Legal Threats Go Too Far?

Microsoft Threatens Legal Action Over Exploit Disclosure

Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare ...

Microsoft Dispute with Security Researcher Escalates as Sides Trade Threats

Microsoft and the Nightmare-Eclipse security researcher it's feuding with are trading threats in an escalating dispute over the researcher's allegations of mistreatment by the vendor and Microsoft's promise to investigate the uncoordinated ...
Security Boulevard
Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys ...
TeamPCP Takes Cover by Releasing Source Code on GitHub, Spurs Copycats 

Just a brief exposure of source code on GitHub by Shai-Hulud is enough to give TeamPCP plausible deniability and spark copycat campaigns ...

Senator Presses CISA for Answers About Alleged GitHub Repository Credential Leak

What happened: US Senator Maggie Hassan sent a letter to CISA Acting Director Nick Andersen on Tuesday demanding answers and a classified briefing about an alleged security incident involving a public GitHub ...

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

What happened: GitHub has confirmed that a breach of its internal repositories resulted from a compromised employee device infected through a trojanized version of the Nx Console VS Code extension. The extension, ...
CISA Admin Leaked AWS GovCloud Keys on GitHub

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large ...

Checkmarx Confirms LAPSUS$ Hackers Leaked Its Stolen GitHub Data

What happened: Application security company Checkmarx has confirmed that the LAPSUS$ extortion group published data stolen from its private GitHub repository, with 96 gigabytes of data made available through both dark web ...

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

A compromise of the popular Bitwarden password manager is linked to the ongoing Checkmarx supply chain campaign, with a bad actor injecting malicious code in a version of its CLI. However, while there ...

Omnistealer uses the blockchain to steal everything it can

This malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach ...