336K Prometheus Instances Exposed to DoS, ‘Repojacking’

December 12, 2024 at 05:19PM

Researchers found over 296,000 exposed Prometheus servers and exporters on the web, revealing sensitive data like plaintext passwords and enabling potential denial of service attacks. Vulnerabilities also posed risks for repojacking attacks, where attackers exploit deleted usernames to execute malicious code. Users are urged to secure their installations.

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

December 5, 2023 at 05:48AM

Over 15,000 Go module repositories on GitHub are susceptible to “repojacking,” with vulnerabilities due to username changes and account deletions. This exploit allows attackers to hijack supply chains by duplicating and publishing malicious modules. GitHub’s countermeasure is ineffective for Go modules, with a call for action from Go or …