Credential Theft | Breaking Cybersecurity News | The Hacker News

The conversation around Anthropic's Claude Mythos Preview has understandably centered on zero-days. If AI systems can identify and exploit vulnerabilities across every operating system and browser at scale, defenders have to assume that exploit timelines will keep compressing. But for CISOs, the harder question is how long exposed access credentials remain valid after defenders discover the exposure. Credentials determine how far an attacker can move, how long they can persist, and how difficult containment becomes. A vulnerability just gets them in the door. That gap between time-to-exploit and time-to-revoke is where many organizations are most exposed. GitGuardian's State of Secret Sprawl report shows 64% of valid secrets detected in 2022 were still active and exploitable four years later in an environment where exploitation now collapses to hours. Vulnerabilities get attackers in the door, but credentials decide how far they go. The Mythos-ready briefing , developed b...

There's a war raging in the heart of every developer. On one side, you have the id: the impulse-driven creative force that wants to code at the speed of thought and would prefer to deploy first and ask questions later. On the other side, there's the superego, which wants to test every line of code and would push a release by a month if it meant catching one extra bug.  Experienced developers know how to act as a referee between these two forces and find the right balance between speed and security. But inexperienced or overworked devs often put their id in the driver's seat, which leads (among other things) to accidentally leaking developer secrets. These secrets include things like API and SSH keys, unencrypted credentials, and authentication tokens. Calling developer secrets "the keys to the kingdom" is something of a cliche, but it's tough to think of another phrase that accurately captures the unique power of this data. Unfortunately, the people who most appreciate the pow...

The rapid adoption of SaaS solutions, accelerated by trends such as remote work, cloud computing, big data, and Generative AI (GenAI) has brought significant benefits to organizations. However, this transformation also introduces new attack surfaces and unique challenges for security teams, who must now consider how they can secure the intricate web of SaaS usage across their organization.  Today, the SaaS security landscape is characterized by several key themes and issues: Credential Theft and Stuffing: This trend is fueled by dark web marketplaces where breached credentials are bought, sold, and traded, making it easy for attackers to carry out credential stuffing attacks. Shadow SaaS: The explosion of unauthorized SaaS apps has led to a rise in employees inadvertently exposing sensitive data. Trial or demo accounts are a main source of shadow SaaS.  SaaS Sprawl: In 2023, the average number of SaaS apps used by a business reached 473. Our numbers indicate an increase ...