Secrets Security

18 May PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit

Posted at 09:44h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident....

Read More

08 May AWS Lambda npm Dependency Confusion Attack: The 24712-pl Campaign

Posted at 12:44h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident....

Read More

07 May alone5511 npm Dependency Confusion Attack

Posted at 14:39h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

An npm dependency confusion attack used eight malicious packages to fingerprint hosts and send RCE telemetry to Telegram....

Read More

07 May AI Security Risks in DevSecOps: Code, Pipelines, and Agents

Posted at 13:38h in AI, Must Read, Secrets Security by Fátima Said 0 Comments

Explore AI security risks in DevSecOps and understand how they affect the software development lifecycle and automation processes....

Read More

06 May EVM/DeFi npm Typosquatting Attack Steals Developer Keys

Posted at 14:58h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

A npm typosquatting attack used six malicious EVM/DeFi packages to steal developer keys, wallets, secrets, and .env files....

Read More

04 May FauxCode: Reverse-Engineered Claude Code Routes Through Attackers

Posted at 19:37h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

FauxCode Claude Code npm malware used fake CLI packages to intercept API traffic through CA-bundle MITM and base URL hijacking....

Read More

04 May DevTap npm Typosquatting Attack: Six Malicious Packages Target Developer Workstations

Posted at 18:43h in Attacks Analysis, Must Read, Secrets Security by Xygeni Security Team 0 Comments

DevTap npm typosquatting attack used six malicious packages to spy on developer workstations and abuse npm trust....

Read More

27 Mar LiteLLM Attack: How Xygeni Stops Secret Exposure Fast

Posted at 14:27h in Attacks Analysis, Must Read, Secrets Security by Fátima Said 0 Comments

LiteLLM attack exposed critical secrets. See how Xygeni detects, verifies, and revokes credentials before attackers use them....

Read More

19 Nov Dockerfile Secrets: Why Layers Keep Your Sensitive Data Forever

Posted at 11:12h in Secrets Security by Stefano Gasperi 0 Comments

Master IaC cyber security with proven infrastructure as code security practices. Prevent risks for Terraform, Kubernetes or CloudFormation....

Read More

19 Nov Docker Build Args: The Hidden Vector for Secret Leaks in Images

Posted at 10:36h in Secrets Security by Carey M. Jackson 0 Comments

Master IaC cyber security with proven infrastructure as code security practices. Prevent risks for Terraform, Kubernetes or CloudFormation....

Read More

06 Nov C# Dictionary: The Subtle Bugs That Break Data Integrity

Posted at 15:16h in Secrets Security by Stefano Gasperi 0 Comments

Master IaC cyber security with proven infrastructure as code security practices. Prevent risks for Terraform, Kubernetes or CloudFormation....

Read More

03 Nov Serilog Pitfalls: When Logging Becomes a Data Leak

Posted at 10:00h in Secrets Security by Stefano Gasperi 0 Comments

Master IaC cyber security with proven infrastructure as code security practices. Prevent risks for Terraform, Kubernetes or CloudFormation....

Read More