By Deeba Ahmed
The police arrested two suspects in Beijing and two in Inner Mongolia.
This is a post from HackRead.com Read the original post: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

The individuals confessed to creating variations of ransomware, enhancing the software through the utilization of OpenAI’s ChatGPT, carrying out vulnerability scans, infiltrating networks to secure access, deploying ransomware, and engaging in extortion.

Chinese media has reported the country’s first major step towards countering the use of ChatGPT as four Chinese individuals have been arrested for developing ransomware using ChatGPT. This is the country’s first instance involving the popular yet officially banned chatbot.

The arrests should not come as a surprise, as cybercriminals have been eager to exploit the AI chatbot for malicious purposes. Those who could not exploit it have created their own versions of the malicious ChatGPT, infamously known as WormGPT and FraudGPT.

According to the South China Morning Post (SCMP), the cyber attackers came under the authorities’ radar after an unidentified company in Hangzhou reported a cybercrime. The hackers demanded 20,000 Tether to unblock/restore access to their systems.

In late November 2023, the police arrested two suspects in Beijing and two in Inner Mongolia. The suspects admitted to writing ransomware versions, optimizing the program using the popular chatbot, conducting vulnerability scans, infiltrating networks to gain access and implanting ransomware, and performing extortion.

The use of ChatGPT, a chatbot developed by OpenAI, is prohibited in China as part of Beijing’s initiatives to limit access to foreign generative artificial intelligence products. In response, China has introduced its own version of ChatGPT named Ernie Bot. However, the report does not provide clear information on whether utilizing ChatGPT is subject to legal charges in China.

According to SCMP’s report, three of the detainees were previously implicated in other criminal activities, including spreading misinformation and selling stolen CCTV footage through deep fake technology.

Despite OpenAI blocking internet protocol addresses in China, Hong Kong, and sanctioned regions such as North Korea and Iran, certain users find ways to bypass these restrictions by using VPNs and obtaining phone numbers from supported areas. However, engaging in such circumvention practices may expose users to potential legal consequences.

Legal cases involving the use of generative AI have increased in China due to its mass popularity and potential for crimes. In May 2023, reportedly, a man was detained in Gansu province for allegedly using ChatGPT to spread fake news about a train crash.

****_RELATED ARTICLES_****

1.  **Why are Google and Facebook banned in China?**
2.  **List of Eight Popular websites That are Banned in China**
3.  **China arrests 11 for infecting 250M devices with Fireball malware**
4.  **Hackers Claiming to Jailbreak AI Chatbots to Write Phishing Emails**
5.  **Researchers Leverage ChatGPT to Expose Notorious macOS Malware**

China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

By Deeba Ahmed
The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability.
This is a post from HackRead.com Read the original post: Xfinity Rocked with Data Breach Impacting 36 Million Users

Comcast Cable Communications, LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users.

Comcast\-owned brand Xfinity has initiated the process of notifying its customers about a significant data breach impacting tens of millions of users. The data breach is linked to the critical vulnerability in Citrix software.

It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability. The report indicated that not one, but four uncategorized threat actor groups were involved in the exploitation.

The telecommunication giant, which offers a wide range of services including internet, TV, and phone, stated in the notice sent on Monday that hackers exploited a software vulnerability to access its customers’ personal information.

Xfinity discovered the suspicious activity on October 25, and by December 6 it determined that compromised data may include usernames, hashed passwords, last four digits of Social Security numbers, account security questions, birthdates, and contact information.

According to a breach notification filed with the Maine Attorney General, the breach affected around 35.9 million user accounts, representing a significant portion of its overall user base, which comprises 32 million broadband users. 

Cloud computing firm Citrix discovered a vulnerability (CVE-2023-4966) dubbed Citrix Bleed in early October, which affected products used by companies like Xfinity.

It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability.

The report revealed that four uncategorized threat actor groups were involved in exploiting the vulnerability. This vulnerability affects NetScaler ADC and Gateway appliances, allowing them to manipulate user sessions without requiring authentication measures. The same vulnerability was previously linked to hacks targeting the Industrial and Commercial Bank of China’s New York branch and a Boeing subsidiary.

Xfinity patched the vulnerability, but unauthorized access to its internal systems led to data compromise by mid-November. In its official statement, Xfinity’s spokesperson stated that there is no evidence of customers’ data being leaked or targeted attacks.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”

Nevertheless, all Xfinity customers are urged to reset their passwords and are advised to use two-factor authentication for added security.

In a comment to Hackread.com, Immersive Labs’ Director of Cyber Threat Research Kev Breen warned companies to timely patch security vulnerabilities as threat actors are quick to exploit them.

“In 2022, the median time to exploitation was one day from exploitation, while the timing of public patches was on average 7 days. This year we’ve consistently seen recently disclosed vulnerabilities and zero days actively exploited in the wild by threat actors at scale.”

Breen also argued the culture of non-existing cybersecurity and vulnerability disclosure-related transparency, despite the US government’s strict and recent policies holding software companies liable for data breaches.

“Despite government intervention to try and strengthen transparency and guidance around cybersecurity practices, many standard implementations still haven’t kept pace. For example, FedRAMP guidelines say organizations have 30 days to remediate high-risk threats — yet attackers just need one day to discover a vulnerability and take advantage to wreak havoc on systems and cause costly damage to organizations.”

This, however, is not the first time Comcast has made headlines for data breaches. In November 2015, the company discovered that 200,000 user login credentials, including email addresses and passwords, were leaked and being sold on the dark web. The company attributed the incident to customers falling victim to malware and phishing attacks.

As for the latest data breach, Comcast, under new Securities and Exchange Commission rules, must disclose cybersecurity breaches affecting their bottom line within four days but has not yet filed such a report, according to The Associated Press.

****_RELATED ARTICLES_****

1.  **US aerospace services provider data breach loses 1.5 TB of data**
2.  **Mortgage Giant Mr. Cooper Data Breach; 14 Million Users Impacted**
3.  **Hackers Leak Thousands of Idaho National Lab Employees’ PII Data**
4.  **Sony Data Breach via MOVEit Vulnerability Affects Thousands in US**
5.  **Hackers Access User Info, Corporate Systems in MongoDB Data Breach**
6.  **Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack**

Xfinity Rocked with Data Breach Impacting 36 Million Users

MongoDB has warned customers about a data breach that leaked information about their customers. The incident is under investigation.

Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer.

That customer has been notified separately and there is no evidence that any other customers’ system logs were accessed. MongoDB said there is no evidence of unauthorized access to Atlas clusters since that would require compromise of the separate Atlas cluster authentication system.

On Wednesday December 13, 2023, MongoDB’s staff detected suspicious activity and began an investigation. The investigation is ongoing, but it appears that the unauthorized access was going on for “some period of time” before discovery.

In emails sent to MongoDB customers, MongoDB advises users to be alert about phishing and social engineering attacks that might use the leaked customer metadata to gain credibility.

Scammers often try to take advantage of data breaches. They know that the breached company is likely to be contacting victims, and that the victims will be looking out for emails from the company. It’s easy to spoof an email to make it look like it comes from somewhere else, and then send someone malware or a link to a phishing site.

Users are also advised to rotate database passwords and enable multi-factor authentication (MFA).

If you suspect you might be affected by this data breach, you may want to keep an eye on the alert page with additional information as MongoDB continues to investigate the matter. And if there is anything important, we will update this article.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 MongoDB warns customers about data breach after cyberattack 

By Waqas
MongoDB updated its status alert page with new details about the incident on December 17, 2023, at 9:00 PM EST.
This is a post from HackRead.com Read the original post: MongoDB Breach Update: Names, Emails Exposed, Atlas Secured

Stay informed about MongoDB’s response to unauthorized access in certain corporate systems, involving exposure of customer data like names, phone numbers, and email addresses.

In a recent update regarding the security incident at **MongoDB**, the company has released information that as of 9:00 PM EST on December 17, 2023, there is no evidence of unauthorized access to MongoDB Atlas clusters.

MongoDB’s Chief Information Security Officer (CISO), Lena Smart, assured users that no security vulnerabilities have been identified in any MongoDB product as a result of the incident.

The security breach, initially detected on December 13, 2023, and **exclusively reported by Hackread.com**, involved unauthorized access to certain MongoDB corporate systems, leading to the exposure of customer account metadata and contact information. However, MongoDB now confirms that their investigation has found no indication that the authentication system for MongoDB Atlas clusters has been compromised.

The MongoDB Atlas cluster access is authenticated through a separate system from MongoDB corporate systems. This segregation of systems ensures an additional layer of security for customer data stored in MongoDB Atlas, and the company emphasizes that no evidence of compromise has been identified in this crucial authentication process.

“To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident,” the company restated.

The accessed corporate systems contained customer names, phone numbers, email addresses, and other customer account metadata. MongoDB has taken steps to notify the affected customers promptly. Notably, the company has identified system logs access for one customer, but no evidence suggests that the system logs of any other customers were compromised.

The investigation into the security incident is ongoing, and MongoDB is actively collaborating with relevant authorities and forensic firms to gather further insights. The company has committed to keeping its users informed by updating the **alert page** with additional information as the investigation progresses.

MongoDB encourages users to remain vigilant for potential social engineering and phishing attacks, especially given the accessed customer account metadata and contact information. As a precautionary measure, MongoDB advises all customers, if not already implemented, to activate phishing-resistant multi-factor authentication (**MFA**) and regularly rotate passwords.

MongoDB users are urged to be watchful for **phishing emails** that may falsely claim to originate from the company, claiming to provide new updates. However, the actual motive could be to exploit the situation and attempt to steal user data.

****_RELATED ARTICLES_****

1.  **47% of online MongoDB databases hacked demanding ransom**
2.  **11 million personal unprotected MongoDB records leaked online**
3.  **Ride-hailing app leaks data of millions of Iranians from MongoDB**
4.  **Unprotected MongoDB leaks resume of 202M Chinese job seekers**
5.  **Hackers leave ransom note after wiping out MongoDB in 13 seconds**

MongoDB Breach Update: Names, Emails Exposed, Atlas Secured

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information.
The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response

Cyber Attack / Data Security

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information.

The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response efforts.

It further noted that "this unauthorized access has been going on for some period of time before discovery," but emphasized it's not "aware of any exposure to the data that customers store in MongoDB Atlas.". It did not disclose the exact time period of the compromise.

In light of the breach, MongoDB recommends that all customers be on the lookout for social engineering and phishing attacks, enforce phishing-resistant multi-factor authentication (MFA), as well as rotate their MongoDB Atlas passwords.

That's not all. The company said it's also experiencing elevated login attempts that are causing issues for customers attempting to log in to Atlas and our Support Portal. It, however, said the problem is unrelated to the security event.

The Hacker News has reached out to MongoDB for additional comments, and we will update the story if we hear back.

_(This is a developing story. Please check back for more updates.)_

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

MongoDB Suffers Security Breach, Exposing Customer Data

By Waqas
The latest cybersecurity incident to impact a large-scale and highly popular company is the MongoDB Data Breach.
This is a post from HackRead.com Read the original post: Hackers Access Customer Info, Corporate Systems in MongoDB Data Breach

In an email, Lena Smart, MongoDB’s Chief Information Security Officer (CISO), confirmed the latest MongoDB Data Breach, revealing that while investigations are underway, it has been verified that hackers accessed customer metadata and contact information.

**MongoDB**, a leading database management company, has fallen victim to a security incident resulting in unauthorized access to certain corporate systems. The breach, detected on the evening of December 13th, 2023, US Eastern Standard Time, has prompted an immediate and comprehensive investigation by the company.

The breach includes the exposure of customer account metadata and contact information, heightening concerns about the potential misuse of sensitive data. MongoDB activated its incident response process upon the discovery of suspicious activities, but it is believed that the unauthorized access may have been ongoing for some time before being detected.

****Lena Smart****, MongoDB’s Chief Information Security Officer (CISO), sent an email communication to MongoDB customers, outlining the details of the breach and urging caution in the wake of potential social engineering and phishing threats. The company assures customers that, as of now, there is no indication of exposure to the data stored in MongoDB Atlas, a cloud-based database service.

Despite the incident, MongoDB is actively managing the situation, with ongoing updates promised on their alert page (**mongodb.com/alerts**) as the investigation progresses. Relevant authorities have also been notified, underlining the seriousness of the security breach.

In a subsequent update at 5:25 PM EST on December 16, 2023, MongoDB reported a spike in login attempts, causing issues for customers attempting to access the MongoDB Atlas and Support Portal. However, MongoDB clarified that this was unrelated to the security incident and advised affected users to try again in a few minutes.

Lena Smart, in her email to customers, emphasized proactive steps to mitigate potential risks. MongoDB recommends customers be vigilant for **social engineering and phishing attacks** and take immediate action, such as activating phishing-resistant multi-factor authentication (MFA) and regularly rotating MongoDB Atlas passwords.

Hi,

MongoDB is investigating a security incident involving
unauthorized access to certain MongoDB corporate
systems. This includes exposure of customer account
metadata and contact information. At this time, we
are NOT aware of any exposure to the data that
customers store in MongoDB Atlas.

We detected suspicious activity on Wednesday (Dec.
13th, 2023) evening US Eastern Standard Time and
immediately activated our incident response process.
We are still conducting an active investigation and
believe that this unauthorized access has been going
on for some period of time before discovery. We have
also started notifying relevant authorities.

What should you do next?

Since we are aware that some customer
account metadata and contact information was
accessed, please be vigilant for social
engineering and phishing attacks.

If not already implemented, we encourage all
customers to activate phishing-resistant multi-
factor authentication (MFA) and regularly rotate
passwords.

MongoDB will continue to update mongodb.com/alerts
with additional information as we continue to
investigate the matter.

Sincerely,
Lena Smart
MongoDB CISO

Email sent by the company’s CISO reveals the latest MongoDB data breach (Screenshot credit: Hackread.com)

As the investigation unfolds, MongoDB customers are anxiously awaiting further updates on the situation. The incident serves as a stark reminder of the constant and evolving threats faced by companies in the digital age, underscoring the importance of robust cybersecurity measures and the need for continuous vigilance in safeguarding sensitive customer information.

****_RELATED ARTICLES_****

1.  **47% of online MongoDB databases hacked demanding ransom**
2.  **11 million personal unprotected MongoDB records leaked online**
3.  **Ride-hailing app leaks data of millions of Iranians from MongoDB**
4.  **Unprotected MongoDB leaks resume of 202M Chinese job seekers**
5.  **Hackers leave ransom note after wiping out MongoDB in 13 seconds**

Hackers Access Customer Info, Corporate Systems in MongoDB Data Breach

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

**DoraCMS Verification Code Reuse****Vulnerability Description**

In the DoraCMS backend, when logging in by entering the account and password, the verification code can be reused. This allows for a weak password brute-force attack using the same verification code multiple times.

**Affected Versions**

DoraCMS version 2.1.8

**Source Code Download Link**

https://github.com/doramart/DoraCMS

**Environment Deployment Tool**

VSCode MongoDB

**Reproduction Steps:**

Access the backend address: http://192.168.184.142:8080/dr-admin Enter the account 'doracms', followed by the password and verification code. Click on the login button.  To capture the request using Burp Suite:  To use Burp Suite Intruder for password brute-forcing:  When incorrect passwords can still be used for brute-force attacks, it indicates that the verification code can be reused.    At the 50th attempt, the login was successful.   The entered password is 123456  Login successful

CVE-2023-49443: GitHub - woshinibaba222/DoraCMS-Verification-Code-Reuse

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function.

**广受欢迎的开源堡垒机**

   

9 年时间，倾情投入，用心做好一款开源堡垒机。

JumpServer 是广受欢迎的开源堡垒机，是符合 4A 规范的专业运维安全审计系统。

JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型的资产，包括：

*   **SSH**: Linux / Unix / 网络设备 等；
*   **Windows**: Web 方式连接 / 原生 RDP 连接；
*   **数据库**: MySQL / MariaDB / PostgreSQL / Oracle / SQLServer / ClickHouse 等；
*   **NoSQL**: Redis / MongoDB 等；
*   **GPT**: ChatGPT 等;
*   **云服务**: Kubernetes / VMware vSphere 等;
*   **Web 站点**: 各类系统的 Web 管理后台；
*   **应用**: 通过 Remote App 连接各类应用。

**产品特色**

*   **开源**: 零门槛，线上快速获取和安装；
*   **无插件**: 仅需浏览器，极致的 Web Terminal 使用体验；
*   **分布式**: 支持分布式部署和横向扩展，轻松支持大规模并发访问；
*   **多云支持**: 一套系统，同时管理不同云上面的资产；
*   **多租户**: 一套系统，多个子公司或部门同时使用；
*   **云端存储**: 审计录像云端存储，永不丢失；

**UI 展示**

**在线体验**

*   环境地址：https://demo.jumpserver.org/

⚠️ 注意

该环境仅作体验目的使用，我们会定时清理、重置数据！

请勿修改体验环境用户的密码！

请勿在环境中添加业务生产环境地址、用户名密码等敏感信息！

**快速开始**

*   快速入门
*   产品文档
*   在线学习
*   知识库

**案例研究**

*   腾讯音乐娱乐集团：基于JumpServer的安全运维审计解决方案
*   腾讯海外游戏：基于JumpServer构建游戏安全运营能力
*   万华化学：通过JumpServer管理全球化分布式IT资产，并且实现与云管平台的联动
*   雪花啤酒：JumpServer堡垒机使用体会
*   顺丰科技：JumpServer 堡垒机护航顺丰科技超大规模资产安全运维
*   沐瞳游戏：通过JumpServer管控多项目分布式资产
*   携程：JumpServer 堡垒机部署与运营实战
*   大智慧：JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧
*   小红书：JumpServer 堡垒机大规模资产跨版本迁移之路
*   中手游：JumpServer堡垒机助力中手游提升多云环境下安全运维能力
*   中通快递：JumpServer主机安全运维实践
*   东方明珠：JumpServer高效管控异构化、分布式云端资产
*   江苏农信：JumpServer堡垒机助力行业云安全运维

**社区交流**

如果您在使用过程中有任何疑问或对建议，欢迎提交 GitHub Issue。

您也可以到我们的 社区论坛 当中进行交流沟通。

**参与贡献**

欢迎提交 PR 参与贡献。 参考 CONTRIBUTING.md

**组件项目**

项目

状态

描述

Lina

JumpServer Web UI 项目

Luna

JumpServer Web Terminal 项目

KoKo

JumpServer 字符协议 Connector 项目

Lion

JumpServer 图形协议 Connector 项目，依赖 Apache Guacamole

Razor

JumpServer RDP 代理 Connector 项目

Tinker

JumpServer 远程应用 Connector 项目

Magnus

JumpServer 数据库代理 Connector 项目

Chen

JumpServer Web DB 项目，替代原来的 OmniDB

Kael

JumpServer 连接 GPT 资产的组件项目

Wisp

JumpServer 各系统终端组件和 Core API 通信的组件项目

Clients

JumpServer 客户端 项目

Installer

JumpServer 安装包 项目

**安全说明**

JumpServer是一款安全产品，请参考 基本安全建议 进行安装部署。如果您发现安全相关问题，请直接联系我们：

*   邮箱：support@fit2cloud.com
*   电话：400-052-0755

**License & Copyright**

Copyright (c) 2014-2023 飞致云 FIT2CLOUD, All rights reserved.

Licensed under The GNU General Public License version 3 (GPLv3) (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.gnu.org/licenses/gpl-3.0.html

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an " AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

CVE-2023-48193: GitHub - jumpserver/jumpserver: JumpServer 是广受欢迎的开源堡垒机，是符合 4A 规范的专业运维安全审计系统。

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.

The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads, Checkmarx said in a new report. A majority of the downloads originated from the U.S., China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the U.K., and Japan.

"A defining characteristic of this attack was the utilization of steganography to hide a malicious payload within an innocent-looking image file, which increased the stealthiness of the attack," the software supply chain security firm said.

Some of the packages are pyefflorer, pyminor, pyowler, pystallerer, pystob, and pywool, the last of which was planted on May 13, 2023.

A common denominator to these packages is the use of the setup.py script to include references to other malicious packages (i.e., pystob and pywool) that deploy a Visual Basic Script (VBScript) in order to download and execute a file named "Runtime.exe" to achieve persistence on the host.

Embedded within the binary is a compiled file that's capable of gathering information from web browsers, cryptocurrency wallets, and other applications.

An alternate attack chain observed by Checkmarx is said to have hidden the executable code within a PNG image ("uwu.png"), which is subsequently decoded and run to extract the public IP address and the universally unique identifier (UUID) of the affected system.

Pystob and Pywool, in particular, were published under the guise of tools for API management, only to exfiltrate the data to a Discord webhook and attempt to maintain persistence by placing the VBS file in the Windows startup folder.

"This campaign serves as another stark reminder of the ever-present threats that exist in today's digital landscape, particularly in areas where collaboration and open exchange of code are foundational," Checkmarx said.

The development comes as ReversingLabs uncovered a new wave of protestware npm packages that "hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip."

One of the packages, named @snyk/sweater-comb (version 2.1.1), determines the geographic location of the host, and if it's found to be Russia, displays a message criticizing the "unjustified invasion" of Ukraine through another module called "es5-ext"

Another package, e2eakarev, has the description "free palestine protest package" in the package.json file, and carries out similar checks to see if the IP address resolves to Israel, and if so, log what's described as a "harmless protest message" that urges developers to raise awareness about the Palestinian struggle.

It's not just threat actors infiltrating open-source ecosystems. Earlier this week, GitGuardian revealed the presence of 3,938 total unique secrets across 2,922 PyPI projects, of which 768 unique secrets were found to be valid.

This includes AWS keys, Azure Active Directory API keys, GitHub OAuth app keys, Dropbox keys, SSH keys, and credentials associated with MongoDB, MySQL, PostgreSQL, Coinbase and Twilio.

What's more, many of these secrets were leaked more than once, spanning multiple release versions, bringing the total number of occurrences to 56,866.

"Exposing secrets in open-source packages carries significant risks for developers and users alike," GitGuardian's Tom Forbes said. "Attackers can exploit this information to gain unauthorized access, impersonate package maintainers, or manipulate users through social engineering tactics."

The continuous wave of attacks targeting the software supply chain has also prompted the U.S. government to issue new guidance this month for software developers and suppliers to maintain and provide awareness about software security.

"It is recommended that acquisition organizations assign supply chain risk assessments to their buying decisions given the recent high profile software supply chain incidents," the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) said.

"Software developers and suppliers should improve their software development processes and reduce the risk of harm to not just employees and shareholders, but also to their users."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out.

Tag

#mongo