Secrets exposed by thousands of leading websites SecurityWeek reports that exposed Git directories containing code commits, file paths, source codes, and other secrets were observed across 4,500 websites in the Alexa Top 1 Million Websites list.
BleepingComputer reports that attacks leveraging two vulnerabilities in the open-source object storage service MinIO, which could facilitate object storage service compromise, arbitrary code execution, and server takeovers, are underway.
According to Mandiant, threat group UNC4841 dropped a second wave of backdoor malware on some victims, including government organizations, to maintain persistence for espionage purposes.
Ashley Benge, director of threat intelligence advocacy at ReversingLabs, told SC Media that unlike other popular games, the average developer making Roblox levels is likely to be younger, unattached to a larger corporate or business entity and less sophisticated about threats from open source software.