Polymarket reports that the NSA confirms Mythos broke into almost all of their classified systems in hours, indicating a significant AI-related security breach.
Grafana Labs disclosed that a cybercrime group gained unauthorized access to its GitHub repositories via a TanStack npm supply chain attack and downloaded its codebase and internal data, but no customer production systems were compromised.
TeamPCP claims to have accessed GitHub's internal source code, indicating a significant security breach at the popular development platform.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) exposed its cloud storage credentials in plain text on a public GitHub repository named 'Private-CISA' for about six months, until the leak was fixed over the weekend. No evidence of compromise has been found, but the incident underscores ongoing turmoil within the agency.
Grafana Labs disclosed that an unauthorized party obtained a token granting access to its GitHub environment, enabling the threat actor to download the company's codebase.
The article discusses the security breach of LiteLLM and its implications for AI agent engineering teams, highlighting the need for improved supply chain security and infrastructure governance.
KrebsOnSecurity reports that a Brazilian anti-DDoS firm, Huge Networks, was compromised and its infrastructure used to launch massive DDoS attacks against other Brazilian ISPs via a botnet of insecure routers and DNS servers.
A Roblox cheat infected a Context.ai employee with Lumma Stealer, which led to compromised OAuth credentials being used to breach Vercel's internal systems, exposing non-sensitive environment variables and highlighting risks of broad AI tool OAuth permissions.
Vercel has confirmed an intrusion by the hacker group ShinyHunters, who are openly selling core source code, internal database access, and secrets for $2 million. All Vercel users should immediately review and rotate environment variables and related keys.
Vercel confirmed a security breach affecting a limited subset of customers after threat actors claimed to have stolen data. The breach originated from a compromised employee Google Workspace account via a third-party AI tool (Context.ai), allowing attackers to access unencrypted environment variables and enumerate further access to customer systems.