InfoSecBulletin Cybersecurity for mankind
# “While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been hit by infostealers.” #
A Cyble report reveals that account credentials from multiple cybersecurity vendors are being sold on dark web marketplaces. While most of the exposed credentials belong to customers—likely captured by infostealers infecting their devices—there has also been a concerning number of internal vendor credentials leaked, granting access to sensitive enterprise, development, and security systems.
HPE alerts of hardcoded passwords in Aruba access points
Akira Ransomware Allegedly Compromise 12 Companies in 72 Hours
Singapore urgently engage military force to tackle ‘serious’ cyberattack
Hackers infect 10M Androids with BADBOX 2.0
Oracle Patched 200 Vulns With July 2025 CPU
Ivanti Zero-Days Exploited to Drop MDifyLoader
CISA added Fortinet FortiWeb vul to KEV catalog
Adoption Agency Exposes One Million+ Records
CVE-2025-20337
Patch Now! Cisco ISE bug allows pre-auth command execution
BD Bank Honours PABC Officials for Foiling $20 Million Cyber Fraud Attempt
These credentials can be purchased for as little as $10, with many being harvested from infostealer logs and sold in bulk. Cyble focused on credentials leaked in 2025, finding that all 14 vendors examined had both customer and internal credentials exposed. These vendors primarily provide enterprise and cloud security services, though some consumer security providers were also affected.
The leaked credentials largely belonged to customers and protected access to security management and account interfaces. However, internal vendor credentials were also found, with exposure to systems .
Cyble said it didn’t test to see if the credentials were valid, but noted that many were for “easily accessible web console interfaces, SSO logins and other web-facing account access points.”
In one case, a large vendor had sensitive internal company accounts exposed, including email addresses and developer and product account interfaces, which could pose significant risks depending on the level of access granted to these accounts.
Even if all the exposed accounts were protected by other means, as ideally, they were, such leaks are concerning for one other reason: They can help threat actors conduct reconnaissance by giving them an idea of the systems that a potential target uses, including locations of sensitive data and potential vulnerabilities to exploit.
Other sensitive information exposed by info stealers could include URLs of management interfaces that are unknown to the public, which would give hackers further recon information.
Leaked credentials for security tools and other important systems are important to monitor not only to prevent breaches but also to keep hackers from learning important information about an organization’s systems and how to access them.
Cyble concluded that “If the largest security vendors can be hit by infostealers, so can any organization, making basic cybersecurity practices like MFA, zero trust, vulnerability management and network segmentation important for minimizing – and ideally preventing – data breaches, ransomware and other cyberattacks.”
To read the full in-depth report click here.
Source: Cyble
