A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created AWS-Key-Hunter after discovering over 100 exposed AWS access keys, many with high privileges, in public repositories. He described these findings as “just waiting to be exploited” in his blog about …

An unknown threat cluster has targeted European healthcare organizations, deploying PlugX and ShadowPad. In some cases, these intrusions resulted in the use of ransomware called NailaoLocker. Orange Cyberdefense CERT’s Green Nailao campaign targeted a newly patched security flaw (CVE-2024-24919, CVSS score: 7.5) in Check Point network gateway products. The attacks …

Citrix has issued security updates for a serious vulnerability in the NetScaler Console and NetScaler Agent that could allow privilege escalation in specific situations. The vulnerability, identified as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0 It involves improper handling of user …