The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.
Morning Overview on MSN
Study finds thousands of sites exposed API keys and other credentials
Researchers scanning 10 million webpages have found that nearly 10,000 pages contained live API credentials left in plain sight, potentially exposing access to services from cloud platforms to payment ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results