Links
Over 10,000 Docker images on Docker Hub are leaking sensitive credentials, including API keys and cloud access tokens, according to security firm Flare. Many of these leaks originate from unmonitored developer accounts, putting critical infrastructure at risk. Even when developers remove secrets, the underlying credentials often remain active, leaving systems vulnerable.
This article discusses the importance of sandboxing and using proxies to protect sensitive data when working with Claude Code. It highlights potential risks, such as API key exposure, and offers practical solutions for managing access and ensuring confidentiality.
SILPH is an open-source tool designed for red team operations, allowing users to dump LSA secrets, SAM hashes, and DCC2 credentials entirely in memory without writing to disk. It integrates with the Orsted C2 framework and runs directly on Windows, avoiding common detection methods. The tool uses advanced Windows APIs to access sensitive data while maintaining stealth.
This article explains how to protect API credentials in MCP server configurations by using 1Password. It details a method to reference secrets from a 1Password vault instead of hardcoding them in plaintext files, reducing the risk of credential exposure.
This article promotes a livestream featuring security experts from Datadog, Bishop Fox, and SecurityHQ. They will discuss critical findings from a recent report, including risks from long-lived credentials, common cloud misconfigurations, and best practices in cloud security. A live Q&A session will also be included.
Attackers exploited vulnerabilities in SolarWinds Web Help Desk to steal high-privilege credentials from various organizations. Microsoft is investigating which specific flaws were used, as multiple recent and old CVEs are in play. Security teams are advised to apply patches and monitor for unauthorized remote management tools.
A phishing campaign is currently targeting LastPass users, using well-crafted emails that often mimic legitimate messages. Attackers aim to trick users into revealing their login credentials, potentially compromising their entire password vault.
ZeroCrumb is a tool that bypasses Chrome's Elevation Service to extract app-bound credentials and cookies. It uses Transacted Hollowing to impersonate a Chrome instance and decrypt keys, allowing access to sensitive data. Users can implement it as a library and customize it for other credential types.
This article discusses findings from the 2025 State of Cloud Security study, highlighting issues like the risks of long-lived credentials and the importance of using AWS Organizations for better security management. It also offers recommendations for improving security postures in cloud environments.
A 4TB SQL backup file from EY was found publicly accessible due to a cloud misconfiguration, exposing sensitive information like API keys and passwords. The breach highlights the risks of modern cloud tools that prioritize convenience over security. EY responded effectively to the incident after being notified.
The article features a live hacking demonstration by Kyle Hanslovan, former NSA operative and Huntress CEO. He showcases how hackers can exploit Microsoft 365, bypass MFA, and compromise systems in under 10 minutes using tactics like social engineering and credential theft.
The article discusses vulnerabilities in Apache Airflow versions before 3.1.6 that can leak sensitive authentication credentials and secrets through logs and user interfaces. Two specific issues allow unauthorized users to access proxy credentials and display sensitive information in the web UI, posing risks to organizations. Immediate upgrades are recommended to mitigate these threats.
This article discusses the risks associated with using static credentials in cloud environments and offers alternatives for managing identities securely. It emphasizes the importance of temporary credentials and modern identity solutions to reduce vulnerabilities and improve security.
Oracle has informed clients of a second cybersecurity breach in which a hacker stole old client login credentials from its systems. The stolen data, which includes credentials from as recently as 2024, is being investigated by the FBI and the cybersecurity firm CrowdStrike; the company assures clients that the compromised system has not been in use for eight years, minimizing the risk.
Recent reports of a massive credentials leak are misleading, as the exposed data comprises previously stolen credentials collected over time from infostealers and data breaches, rather than a new data breach. Users are advised to maintain good cybersecurity practices, including using unique passwords and enabling two-factor authentication to protect their accounts from potential threats.
AWS provides guidance on securely implementing and managing Amazon Bedrock API keys, recommending the use of temporary security credentials via AWS STS whenever possible. It outlines best practices for using short-term and long-term API keys, including monitoring, protection strategies, and the importance of adhering to security policies through service control policies (SCPs).
The TokenEx library enables secure access to cloud resources by providing a unified interface for obtaining and refreshing credentials from multiple cloud providers, including AWS, GCP, Azure, and OCI. It supports various authentication methods and handles token exchanges through workload identity federation, facilitating seamless integration into applications. Developers can easily implement the library in their Go projects to manage credentials efficiently.
Scammers are targeting LastPass users by sending deceptive messages claiming that the users are deceased in an attempt to extract their login credentials. These phishing attempts exploit users' emotions and trust to gain unauthorized access to their accounts. Users are advised to remain vigilant and report any suspicious communications.
A malicious post-install command executed during the installation of the nx build kit created unauthorized GitHub repositories in users' accounts, stealing sensitive information like wallets and API keys. Organizations are urged to review their GitHub activity and rotate credentials to mitigate exposure, while ongoing investigations continue into the incident.
The article discusses techniques for extracting credentials from Microsoft Deployment Toolkit (MDT) shares, highlighting the vulnerabilities that can be exploited by red teamers. It provides insights into the methodologies used to access sensitive information and emphasizes the importance of securing MDT configurations against potential threats.
Kyle Schutt, a software engineer associated with DOGE, has reportedly had his computer infected by malware, leading to his email address and passwords appearing in multiple stealer log datasets. He has been linked to numerous data breaches, and experts warn about the implications of having credentials exposed through malware, emphasizing the importance of strong account security practices.
Explore a variety of learning opportunities to build in-demand AI skills with Google Skills Labs. Engage in hands-on courses and gain insights from experts, while also earning credentials to enhance your career prospects.
The Russian Market has gained popularity as a cybercrime marketplace for stolen credentials, particularly after the takedown of the Genesis Market. With a majority of sold credentials recycled from existing sources, the market features a significant number of logs containing sensitive information, including SaaS and SSO credentials. The rise of new infostealers like Acreed is noted, following the disruption of the Lumma stealer, indicating a dynamic landscape in cybercrime activities.
A critical vulnerability in Argo CD, tracked as CVE-2025-55190, allows API tokens with low project-level permissions to access sensitive repository credentials, posing a significant security risk for organizations using the tool. This flaw, affecting all versions up to 2.13.0, could enable attackers to exploit sensitive data, leading to potential code theft and supply chain attacks. Administrators are urged to update to fixed versions to mitigate the risk.
The Python Software Foundation has issued a warning about new phishing attacks targeting PyPI users, urging them to reset their credentials after receiving fake emails from a fraudulent site. Victims are being misled into verifying their email for account maintenance, which could lead to credential theft and subsequent malware attacks on published packages. Users are advised to change passwords immediately and implement stronger security measures like two-factor authentication.
SonicWall has alerted customers to reset their credentials following a security breach that exposed firewall configuration backup files from MySonicWall accounts. The company has responded by cutting off attacker access, collaborating with law enforcement, and providing guidance for administrators to mitigate risks associated with the exposed data. Less than 5% of SonicWall's firewall install base was affected, and the incident involved brute-force attacks on the API service for cloud backups.
A phishing kit called CoGUI has sent over 580 million emails aimed at stealing credentials and payment data, primarily targeting Japan, but also affecting other countries like the US and Canada. The campaign peaked in January 2025 with 170 campaigns targeting millions of users, and it has been linked to threat actors from China. Researchers warn that the kit's adoption could expand its reach to other cybercriminals and regions.