⚠️ Critical: Unauthenticated attackers can extract plain-text creds from vulnerable Progress Sitefinity web services, exp

#credentialexposure #cve #cybersecurity #insightvulnerability #iso27001 #progresssoftware #sitefinityvulnerability

Phishers Target Midterm Elections With 5K+ Domain Registrations

Scammers are ramping up their efforts to deceive voters with over 5,000 election-themed domains registered in just two months, providing a fertile ground for phishing, impersonation, and misinformation campaigns to manipulate the midterm elections. This alarming surge in domain registrations has already exposed around…

https://osintsights.com/phishers-target-midterm-elections-with-5k-domain-registrations?utm_source=mastodon&utm_medium=social

#ElectionPhishing #EmergingThreats #PhishingScams #MidtermElections #CredentialExposure

CISA Breach Exposes Sensitive Government Systems

A shocking security lapse at CISA exposed highly sensitive government systems, thanks to a contractor's careless mistake of leaving credentials to privileged AWS GovCloud accounts and internal systems publicly available on GitHub. The error granted unfettered access to a vast array of agency infrastructure, putting national security at risk.

https://osintsights.com/cisa-breach-exposes-sensitive-government-systems?utm_source=mastodon&utm_medium=social

#CisaBreach #EmergingThreats #GovernmentSystems #AwsGovcloud #CredentialExposure

Identity Exposures Form Highways for Cyber Attacks

A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying…

https://osintsights.com/identity-exposures-form-highways-for-cyber-attacks?utm_source=mastodon&utm_medium=social

#CloudSecurity #IdentityManagement #CredentialExposure #Aws #AttackSurface

CISA Contractor Exposes AWS GovCloud Keys in GitHub Leak

A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) made a critical mistake by exposing sensitive AWS GovCloud keys, plaintext passwords, and internal files in a public GitHub repository. The leak, described as one of the worst ever witnessed, included highly privileged credentials and build artifacts for numerous…

https://osintsights.com/cisa-contractor-exposes-aws-govcloud-keys-in-github-leak?utm_source=mastodon&utm_medium=social

#GithubLeak #AwsGovcloud #Cisa #CredentialExposure #CloudSecurity

Hungarian Government Credentials Exposed in Breach Data

The Hungarian government's digital defenses have been left vulnerable after nearly 800 state logins, including defense and NATO-linked accounts, surfaced in breach data, raising serious concerns about the nation's security posture. One alarming example? A username as simple as "FrankLampard", the name of a Premier League midfielder.

https://osintsights.com/hungarian-government-credentials-exposed-in-breach-data?utm_source=mastodon&utm_medium=social

#HungarianGovernment #BreachData #CredentialExposure #EmergingThreats #NationState

Vulnerabilities Exposed in Amazon Bedrock AgentCore Sandbox

Security researchers at Unit 42 have uncovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, revealing that a protective layer meant to separate code and services can be breached using DNS tunneling, exposing sensitive credentials in the process. This alarming discovery highlights the potential risks of slipping…

https://osintsights.com/vulnerabilities-exposed-in-amazon-bedrock-agentcore-sandbox

#AmazonBedrock #Agentcore #SandboxEscape #DnsTunneling #CredentialExposure