It’s Time to Secure the Biggest Identity Blindspot of Modern Times

Malware bypassed antivirus on an engineering employee’s computer, allowing attackers to steal session tokens, which gave them full access to accounts, even those protected by two-factor authentication.

Threat actors gained access to Slack’s externally hosted GitHub repositories via a “limited” number of stolen Slack employee tokens.

During an ongoing investigation of a breach, Jumpcloud invalidated all API keys and later urged its customers to rotate all tokens provided.

Hackers stole an inactive signing key from a breached Azure system, used it to create valid email access tokens, and accessed Office365 accounts across multiple Azure AD cloud customers.

A published SAS token by Microsoft’s AI researchers exposed 38TB of sensitive data for over 2 years.

Hackers stole GitHub Personal Access Tokens and used them to make unauthorized commits as Dependabot to various repositories.

Attackers used a leaked service account to access Okta’s support case management system, viewing files from recent customer support cases.

Hackers breached Cloudflare’s Atlassian suite via an unrotated token and service account credentials, despite Cloudflare rotating 5000 credentials after the Okta breach.

Russian state-sponsored hackers abused OAuth applications to breach Microsoft’s Office 365 email server, exposing internal email correspondences.

Threat actors stole customer data, including API keys and OAuth tokens. Dropbox recommended rotating these keys and tokens for Google Workspace, Office 365, and Salesforce.

Hundreds of Snowflake instances were breached by the financially motivated threat actor UNC5537, affecting approximately 165 organizations.

Attackers stole the New York Times’ source code by exploiting an over-privileged GitHub token, granting access to all repositories.

HuggingFace reported an unauthorized access to their servers, resulting in the theft of tokens and API keys from its Spaces platform.

JetBrains found a vulnerability in their GitHub Plugin for IntelliJ IDEs, risking unauthorized access to GitHub repositories. They urged customers to revoke the plugin’s access by deleting PATs and OAuth app tokens.

The threat actor Gitloker exploited malicious OAuth apps to target GitHub users, causing significant data loss and ransom demands.

Massive NHI Attack: Insecure AWS stored NHIs and machine credentials lead to compromise of 230 Million cloud environments.