Leak
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as an autonomous agent, capable of direct system interaction, LLM API call handling, MCP […]
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. The threat actors responsible for these attacks claim to be part of the ShinyHunters, Scattered Spider, and Lapsus$ groups, collectively referring to themselves as “Scattered Lapsus$ […]
ERMAC Android malware source code leak exposes banking trojan infrastructure
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. The code base was discovered in an open directory by Hunt.io researchers while scanning for exposed resources in March 2024. They located an archive named Ermac 3.0.zip, which contained the malware’s code, including backend, […]
ExpressVPN, IP Address, Leak, Privacy, Remote Desktop, VPN,
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses. One of the key premises of a VPN is masking a user’s IP address, allowing users to stay anonymous online, and in some cases, bypass censorship. […]
GitHub expands security tools after 39 million secrets leaked in 2024
GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. In a new report by GitHub, the development company says the 39 million secrets were found through its secret scanning service, a security […]
Black Basta ransomware gang’s internal chat logs leak online
An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. ExploitWhispers, the individual who previously uploaded the stolen messages to the MEGA file-sharing platform, which are now removed, has uploaded it to a dedicated Telegram channel. It’s not yet clear if ExploitWhispers […]
GitHub Actions artifacts found leaking auth tokens in popular projects
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42 […]