On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor any customer data were included in the downloaded repositories. Upon being notified of the incident, Slack immediately invalidated…
There is no doubt that you have heard about and seen the latest OpenAI’s brilliant called ChatGPT. It can write poems,…
The (winter) solstice is fast approaching, along with the end-of-year holidays – before we know it, it’ll be 2023 already!…
The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it…
The most recent Azure CLI Code Injection vulnerability is a rare and dangerous case. It’s not often that the most…
This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very…
The kind of API security scenarios we witness today was not like this from the beginning of time. It has…
WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile,…
What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called…