June 2, 2024 at 04:57PM Hugging Face’s Spaces platform was breached, exposing authentication secrets for its members. The company detected unauthorized access and suspects a subset of Spaces’ secrets were compromised. They have revoked authentication tokens and recommend users refresh tokens and switch to fine-grained access tokens for tighter security. The company is working with … Read more
November 6, 2023 at 04:28PM Google is warning about the increasing use of native cloud tools by attackers to hide their malicious activities. They highlighted a proof-of-concept exploit called “Google Calendar RAT,” which allows hackers to repurpose Google Calendar events for command-and-control purposes. Although Google has fixed this particular issue, they emphasize that every cloud … Read more
October 19, 2023 at 04:33PM North Korean state-backed threat groups, Diamond Sleet and Onyx Sleet, are exploiting a critical vulnerability in JetBrains TeamCity server to carry out cyber espionage, data theft, and other malicious activities. Over 30,000 organizations, including Citibank, Nike, and Ferrari, use TeamCity. The vulnerability allows attackers to gain administrative privileges and execute … Read more