June 2021 presented an opportunity for me to live out my dream of actually being a “good” developer. June was the month GitHub Copilot was introduced. Yes! I thought, no more embarrassing code reviews, no more endless scrolling through stack overflow. I Will Be A Genius! While that didn’t end…

Most organizations today are software development companies. It doesn’t matter much if you are building the latest in cloud computing services or manufacturing paint, you most likely have a team of software engineers building proprietary systems and at the very least you rely heavily on commercial software to keep your…

Building security into our applications is widely considered to be an important priority in mature companies. But even still it is often overlooked at earlier stages of the development making the cost of security exponentially higher the later in the process we start to consider it. …

Lapsus$ has continued its prolific pace of breaches now leaking internal source code from 250 Microsoft projects which the group has claimed is 90% of the source code for Bing and 45% of the source code for Bing Maps and Cortana. …

Nearly 200GB of source code from Samsung and the source code from Nvidia’s latest DLSS technology has been published online by The Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few months have gone by since…

Please note no information exposed here can be used to harm Twitch and we have provided them with a detailed report outlining the vulnerabilities discovered.

Over the past few years, we have seen a massive increase in software Supply Chain attacks. What is a supply chain attack? This is a type of cyber security attack where adversaries slip malicious code or components into a trusted piece of software or hardware. The goal of such an…

https://youtu.be/Q-s3mnAx6uA TL;DR This breach was done by very sophisticated attackers who exploited a mistake in how Codecov built docker images. They used this to modify a script which allowed them to send the environment variables from the CI of Codecov customers to a remote server. While the attackers could have conducted…

This is another attack executed by the white hat hacking group Sakura Samurai however what makes this breach in particular so interesting is the multiple state-owned organizations that were affected. In total, 26 different government departments and organizations were compromised. …