FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

By Newsroom — February 2nd 2024 at 06:21
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, and detected on November 23, was carried out "with the goal of
☐ ☆ ✇ The Hacker News

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

By Newsroom — January 11th 2024 at 15:28
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security
☐ ☆ ✇ The Hacker News

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

By Ravie Lakshmanan — November 19th 2022 at 04:30
Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center,
☐ ☆ ✇ The Hacker News

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

By Ravie Lakshmanan — October 1st 2022 at 06:35
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary
☐ ☆ ✇ The Hacker News

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

By Ravie Lakshmanan — August 26th 2022 at 19:39
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. <!--adsense--> “An
☐ ☆ ✇ The Hacker News

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

By Ravie Lakshmanan — June 14th 2022 at 09:30
An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other
❌