#1 Authority in NHI Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs).
Timeline
Breaches
Breaches
March 2025
How iOS Apps Are Leaking Secrets and Endangering User Privacy
In March 2025, The mobile world is buzzing after recent research uncovered a shocking truth about iOS apps: many are...
How reviewdog action Exposed Thousands of Secrets?
On March 11, 2025, The reviewdog/action-setup GitHub Action became the focus of a significant supply chain attack. Malicious activity was...
February 2025
OmniGPT Breach: 34M Conversations Exposed
In February 2025, a significant data breach involving OmniGPT, a widely-used AI-powered chatbot platform, was reported. A threat actor known...
Salt Typhoon Used Cisco Flaw & Stolen Credentials to Hack U.S. Telecoms
In February 2025, Cisco Talos reported that the advanced persistent threat (APT) group known as Salt Typhoon, believed to be...
Cisco Data Breach – Leaks Active Directory Credentials
On 10th February 2025, the Kraken ransomware group claimed responsibility for a data breach involving Cisco Systems. They alleged that...
Zacks Breached, Again: The Fallout for 12 Million Users
In February 2025, the cybersecurity world faced yet another wake-up call, this time, the target was Zacks Investment Research, a...
How ASP.NET Machine Keys Triggered Remote Code Execution Attacks
On February 6, 2025, Microsoft revealed a major security issue involving over 3,000 publicly exposed ASP.NET machine keys. These keys,...
January 2025
DeepSeek Breach: What Went Wrong?
On January 29, 2025, a major security breach involving DeepSeek, a prominent Chinese artificial intelligence (AI) startup, was reported. The...
AWS S3 Buckets Under Attack
In January 2025, the ransomware group "Codefinger" has exploited Amazon Web Services (AWS) to launch a sophisticated campaign targeting Simple...
December 2024
Secrets Exposure Via Azure Key Vault Role
In December 2024, Researchers identified a potential privilege escalation vector in Azure Key Vault. The issue arises from the misconfiguration...
Microsoft Azure OpenAI Service Breached By Hacking-As-A-Service Group To Generate Harmful Content
In December 2024, Microsoft took decisive legal action against a Hacking-as-a-Service (HaaS) platform that exploited vulnerabilities in its Azure OpenAI...
BeyondTrust Breach Causes Major Incident At US Treasury
On December 2, 2024, BeyondTrust, a leading cybersecurity solutions provider specializing in Privileged Access Management (PAM) and Secure Remote Access,...
October 2024
AI LLM Hijack Breach
In October 2024, Permiso Security reported a sophisticated cyberattack revealed critical vulnerabilities in the infrastructure of cloud-hosted large language models...
Emerald Whale Breach
In October 2024, a significant cybersecurity incident known as Emerald Whale shocked the DevOps community. This incident revolved around exposed...
The Internet Archive Breach
The Internet Archive, famous for its Wayback machine and massive digital archives, fell victim to a major data breach affecting...
Cisco Breach
In October 2024, Cisco experienced a significant cybersecurity breach related to Non-Human Identities (NHIs). The threat actor ‘IntelBroker’ exploited exposed...
June 2024
Hugging Face Breach
In early June 2024, Hugging Face, which is considered as a leading company and AI platform, announced a security breach...
The New York Times Breach
In June 2024, the New York Times (NYT), a media powerhouse known for its reporting excellence, became the subject of...
GitLocker Breach
In June 2024, GitHub users fell victim to an extortion campaign targeting their repositories. The threat actor gained unauthorized access...
May 2024
Snowflake Breach
One of the leading cloud data platforms, Snowflake, fell victim to a major cybersecurity breach in May 2024. The breach...
Dropbox Sign Breach
Even the users without Dropbox Sign accounts but involved in signed transactions had their In April 2024, Dropbox Sign, a...
JetBrains Breach
In May 2024, a critical vulnerability (CVE-2024-37051) with a CVSS score of 9.3, was reported in JetBrains’ GitHub plugin for...
November 2023
SAP Breach
In a digital world driven by cloud infrastructure, no one is immune to mistakes even the most established organizations. In...
PyPI Breach
In November 2023, a significant security incident was uncovered involving the exposure of thousands of hardcoded secrets in packages hosted...
Sumo Logic Breach
In the digital era, even security-focused organizations like Sumo Logic aren’t immune to evolving cyber threats. On November 3, 2023,...
Cloudflare Breach
On Thanksgiving Day, November 23, 2023, Cloudflare disclosed a significant breach involving their internal Atlassian systems. The intrusion occurred after...
July 2023
JumpCloud Breach
In July 2023, JumpCloud, a well-known directory-as-a-service provider, made headlines by invalidating all administrator API keys in response to a...
GitHub Dependabot Breach
In July 2023, a sophisticated cyberattack shook the developer community, targeting GitHub repositories at an unprecedented scale. Threat actors exploited...
June 2023
Microsoft Azure Key Breach
In June 2023, Microsoft experienced a major security breach that left many businesses and government agencies vulnerable. The breach, dubbed...
Microsoft SAS Key Breach
In October 2021, Twitch, the popular live streaming platform, suffered a significant data breach, that exposed a significant portion of...
January 2023
T-Mobile Breach
In another cybersecurity incident, T-Mobile reported a data breach affecting 37 million accounts. The breach, caused by a vulnerable Application...
CircleCI Breach
CircleCI, which is considered as a leading continuous integration and delivery (CI/CD) platform, fell victim to a major security breach...
Slack GitHub Breach
In January 2023, Slack, a leading collaboration platform, experienced a security breach involving the unauthorized access of private code repositories...
September 2022
Microsoft OAuth Breach
In a recent security incident, Microsoft disabled compromised verified partner accounts exploited by attackers to conduct OAuth phishing campaigns. These...
Uber Breach
In September 2022, Uber Technologies Inc. faced a significant cybersecurity breach that exposed vulnerabilities within its internal systems. This incident...