#credential-leakage

[ follow ]
#api-key-security #cloud-billing-fraud #video-and-image-inferencing #access-controls #openclaw
Privacy professionals
fromtheregister
19 hours ago

Google users fight for refunds as unauthorized API usage bills soar

Compromised Google Cloud API keys have enabled attackers to run costly video and image inferencing, causing large unexpected bills and disputes over responsibility.
Information security
fromTheregister
3 months ago

It's easy to backdoor OpenClaw, and its skills leak API keys

OpenClaw agents and the ClawHub marketplace expose credentials and enable indirect prompt injection, allowing backdoors, data theft, and unintentional leakage of financial information.
fromInfoQ
3 months ago

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

Wiz Security's research team identified that a subset of repositories configured regular expressions for AWS CodeBuild webhook filters intended to limit trusted actor IDs, but these filters were insufficient, allowing a predictably acquired actor ID to gain administrative permissions. The four affected repositories that put the AWS Console supply chain at risk were the AWS SDK for JavaScript v3, the general-purpose cryptographic library aws-lc, amazon-corretto-crypto-provider, and awslabs/open-data-registry, a repository of publicly available datasets accessible from AWS resources.
Information security
fromSecuritymagazine
5 months ago

65% of the Forbes AI 50 List Leaked Sensitive Information

Many leading private AI companies have leaked sensitive credentials on GitHub, risking exposure of training data, private models, and organizational assets.
[ Load more ]