March 19, 2024 at 06:18AM Google Firebase misconfiguration led to the leak of more than 125 million user records, including plaintext passwords. It began with the hacking of the Chattr AI hiring system, exposing names, phone numbers, emails, and sensitive details. Further exploration found 900 websites exposing data on a massive scale, impacting millions of … Read more
November 22, 2023 at 12:30PM Researchers at Aqua Security have discovered that hundreds of organizations and open-source projects are at risk due to the public exposure of Kubernetes configuration secrets. This vulnerability poses a severe supply chain attack threat as sensitive environments in the Software Development Life Cycle (SDLC) can be accessed. Aqua Security found … Read more
October 27, 2023 at 10:13AM Generative AI tools are becoming a nightmare for security teams as they are used to create deepfakes and sophisticated phishing emails. A survey shows that 56% of employees use generative AI at work, but only 26% of organizations have policies in place. Shadow AI, unauthorized AI tool usage, poses a … Read more
October 26, 2023 at 04:32AM ServiceNow is issuing a fix for a vulnerability that allows unauthenticated attackers to steal sensitive files. The flaw involves default configurations of ServiceNow’s widgets, which can expose personal data. Despite previous code changes, the default configuration still sets widgets to return specified data, making them accessible to attackers. ServiceNow has … Read more