-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Data Exposure | Breaking Cybersecurity News | The Hacker News

Category — Data Exposure
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Jul 14, 2026 Cryptocurrency / Identity Protection
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or email, the same leaks can put a real name to an "anonymous" crypto identity. This is not a hack. The wallets behave exactly as they were built to. The 85 extensions together have about 35 million users listed on the Chrome Web Store. The team, from the university's DistriNet security group,  posted the paper  this month and will present it at the PETS 2026 privacy conference in Calgary in late July. They ran real wallets against real Web3 sites and mapped out five privacy weaknesses in how wallets and websites interact. When they reported the most far-reaching one to the wa...
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Jul 14, 2026 Artificial Intelligence / Data Privacy
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab , testing version 0.2.93 , captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not to open. The upload rode a separate channel from the model itself, and the byte split is hard to argue with. On a 12 GB repo of files the model never read, model-turn traffic to /v1/responses came to about 192 KB while the storage channel to /v1/storage moved 5.10 GiB, a roughly 27,800x gap between what the model needed and what left the machine. That storage upload ran as 73 chunks of about 75 MB, every one returning HTTP 200, and across the researcher's size sweep the volume tracked total repo size. The destination bucket, grok-code-session-traces , is named in the binary and ...
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

Jun 10, 2026 Cyber Attack / Vulnerability
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory that requires customer access. "The update concerned a security issue that could allow an unauthenticated user, in certain circumstances, to gain greater access to ServiceNow instances than intended." The security update makes changes to an endpoint configuration to limit this access to authenticated users. The security flaw currently does not have a CVE identifier. Details of the issue first emerged on Reddit. ServiceNow said it detected anomalous activity relating to the security issue, and that it observed evidence of successful queries of instance tables against a "subset of customers." Impacted customers have been notified, it added. "The security issue pertai...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

May 29, 2026 Vibe Coding / Shadow AI
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report ( get it here ), a new category-level investigation covered in May by Axios, WIRED, and VentureBeat, Red Access identified more than 380,000 publicly accessible web assets across the leading vibe-coding platforms. Roughly 5,000 looked corporate. More than 2,000 of those held sensitive corporate, operational, or personal data - sitting on the open web, deployed without basic access controls, often granting admin access by default to anyone who reached the URL. Six continents. Every industry is examined. No exploitation required. Inside organizations, passing their audits while these exposures were live...
Why Secrets in JavaScript Bundles are Still Being Missed

Why Secrets in JavaScript Bundles are Still Being Missed

Jan 20, 2026 API Security / Vulnerability
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches.  Applying this at scale by scanning 5 million applications revealed over 42,000 exposed tokens across 334 secret types, exposing a major class of leaked secrets that is not being handled well by existing tooling, particularly in single-page applications (SPAs). In this article, we break down existing secrets detection methods and reveal what we found when we scanned millions of applications for secrets hidden in JavaScript bundles. Established secrets detection methods (and their limitations) Traditional secrets detection The traditional, fully automated approach to detecting application secrets is to search a set of known paths and apply regular expressions to ma...
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Nov 25, 2025 Data Exposure / Cloud Security
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of usernames, passwords, repository authentication keys, Active Directory credentials, database credentials, FTP credentials, cloud environment keys, LDAP configuration information, helpdesk API keys, meeting room API keys, SSH session recordings, and all kinds of personal information. This includes five years of historical JSONFormatter content and one year of historical CodeBeautify content, totalling over 5GB worth of enriched, annotated JSON data. Organizations impacted by the leak span critical national infrastructure, government, finance, insurance, banking, technology, retail, aerospace, t...
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

Aug 05, 2025 Threat Detection / SaaS Security
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer responsibility is often unclear. A Quick Breakdown Vulnerabilities are flaws in the codebase of the SaaS platform itself. These are issues only the vendor can patch. Think zero-days and code-level exploits. Misconfigurations , on the other hand, are user-controlled. They result from how the platform is set up—who has access, what integrations are connected, and what policies are enforced (or not). A misconfiguration might look like a third-party app with excessive access, or a sensitive internal site that is accidentally public. A Shared Model, but Split Responsibilities Most SaaS providers...
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

May 06, 2025 Cloud Security / DevOps
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team said . "As a result, a large number of applications end up being deployed in a misconfigured state by default, exposing sensitive data, cloud resources, or even the entire environment to attackers." Helm is a package manager for Kubernetes that allows developers to package, configure, and deploy applications and services onto Kubernetes clusters. It's part of the Cloud Native Computing Foundation (CNCF). Kubernetes application packages are structured in the Helm packaging format called charts , which are YAML manifests and templates used to describe the Kuber...
[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

Apr 18, 2025 SaaS Security / Shadow IT
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And by the time an alert is triggered—if it even exists—damage may already be done. This Isn’t a Hypothetical Problem. It’s Happening Now. AI adoption inside organizations is no longer strategic. It’s spontaneous. Employees are experimenting, connecting, automating—and bypassing security while doing it. AI systems are becoming embedded in your SaaS stack without visibility or oversight. And it’s creating a new class of shadow integrations—ones that don’t show up in traditional threat models. If your current defenses rely on manual tracking, policy enforcement, or user education alone, you’r...
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Mar 17, 2025 Vulnerability / Cloud Security
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all changed files and directories. The supply chain compromise has been assigned the CVE identifier CVE-2025-30066 (CVSS score: 8.6). The incident is said to have taken place sometime before March 14, 2025. "In this attack, the attackers modified the action's code and retroactively updated multiple version tags to reference the malicious commit," StepSecurity said . "The compromised Action prints CI/CD secrets in GitHub Actions build logs." The net result of this behavior is that should the workflow logs be publicly accessible, they could lead to the unauthorized expo...
Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft

Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft

Dec 29, 2024 Endpoint Protection / Browser Security
A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access tokens. The first company to shed light the campaign was cybersecurity firm Cyberhaven, one of whose employees was targeted by a phishing attack on December 24, allowing the threat actors to publish a malicious version of the extension. On December 27, Cyberhaven disclosed that a threat actor compromised its browser extension and injected malicious code to communicate with an external command-and-control (C&C) server located on the domain cyberhavenext[.]pro, download additional configuration files, and exfiltrate user data. The phishing email, which purported...
Expert Insights Articles Videos
Cybersecurity Resources