The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub.
As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious packages and leaked secrets. The team reports any findings to the relevant maintainers before attackers can take advantage of them. Although the team encounters many secrets leaked in the same manner, this case was exceptional because it is difficult to overestimate the potential consequences ...
The Voice of Cyber®
Threat Intelligence
Threat Intelligence is a cornerstone of effective cybersecurity involving the collection, analysis, and dissemination of information about potential cyber threats to inform decision-making and enhance an organisation’s security posture. Threat intelligence encompasses data on emerging vulnerabilities, attack techniques, and the tactics employed by threat actors.
Newest Release
Deep Dive Articles
Major sporting events like the World Cup, Super Bowl, and Wimbledon attract millions, even billions, of viewers. Argentina’s shootout win over France in the final game of the ...
Modern businesses focussed on third-party cyber risk reduction require both a more comprehensive solution to third-party cyber risk, one that fully manages risk by rapidly ...
As the energy sector continues to embrace technology, cybersecurity needs to be prioritised. This requires investment in secure infrastructure, training programs, and skilled ...
Comment and Q&A from Satnam Narang, sr. staff research engineer at Tenable on CVE-2022-38028: GooseEgg EoP Exploit
IP address spoofing involves creating Internet Protocol (IP) packets with a fake source IP address. This is typically done with the intention of deceiving the recipient into ...
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. Think ...
In The News
Infoblox has exposed Vigorish Viper, a Chinese cybercrime syndicate using sophisticated technology to take advantage of the AU$2.5 trillion illegal gambling economy, with ...
Sydney, Australia, July 18, 2024 - Infoblox Threat Intel released a threat landscape study of the use of registered domain generation algorithms (RDGAs) by malicious actors ...
Cybersecurity expert Imperva (now a Thales company) today released its 2024 DDoS Threat Landscape report, which looks at DDoS attack activity for the first half of 2024, ...
“The assurance of the IRAP assessment for Armis is extremely timely as we mobilise our expertise, empowering our customers and partners in Australia to address the entire ...
Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the ...
On July 4, researchers from Cybernews found a shared file containing 9,948,575,739 unique plaintext passwords on a hacking forum. The password dump appears to be an updated ...
Podcasts On Threat Intelligence