Friday , May 23 2025

New York Times source code compromised using exposed GitHub token

The New York Times’ internal source code and data were leaked on the 4chan message board. The new work times confirmed to Bleeping Computer that they were stolen from the company’s GitHub repositories in January 2024.

     Source; vx underground

An anonymous user leaked internal data on Thursday. They posted a torrent containing a 273GB archive of the stolen data, as revealed by VX-Underground.

184 Million Leaked Credentials Discovered in Open Database

Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak...
Read More
184 Million Leaked Credentials Discovered in Open Database

Palo Alto Networks Warns of XSS Flaw: PoC Released

Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its...
Read More
Palo Alto Networks Warns of XSS Flaw: PoC Released

Pwn2Own Berlin reveals 29 critical vulns in major tech firms

Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies....
Read More
Pwn2Own Berlin reveals 29 critical vulns in major tech firms

High-Severity Flaw Hits Atlassian Jira Data Center

A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by...
Read More
High-Severity Flaw Hits Atlassian Jira Data Center

All major mobile networks go down across Spain

A nationwide phone network has gone down in Spain, shortly after blackouts caused chaos and significant financial losses. Emergency services...
Read More
All major mobile networks go down across Spain

Researchers found 200 billion files exposed in cloud buckets

Billions of files, including documents, source code, and backups, are leaking because of misconfigured cloud storage. Cyble, a cybersecurity company...
Read More
Researchers found 200 billion files exposed in cloud buckets

Bank server compromised using customer’s mobile, steal ₹11 crore

Cyber fraudsters hacked the Himachal Pradesh State Cooperative Bank's server using a customer's mobile phone. According to reports, the fraudsters...
Read More
Bank server compromised using customer’s mobile, steal ₹11 crore

“InfoSecCon-2025″ held successfully promising cyber resilience

"InfoSecCon-2025" was successfully held with tremendous audiences with various time demanding topics and keynotes at Dhaka on 16 May- 2025....
Read More
“InfoSecCon-2025″ held successfully promising cyber resilience

Intel PC, laptop and server processors affected for 6 years: Report

A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data...
Read More
Intel PC, laptop and server processors affected for 6 years: Report

CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE

Siemens issued a security advisory (SSA-047424) for two serious vulnerabilities—CVE-2025-26389 and CVE-2025-26390—impacting the OZW672 and OZW772 web servers. These servers...
Read More
CVSS 10.0 Flaw  Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE

“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post.

The attacker shared a text file with a list of 6,223 folders stolen from the company’s GitHub repository.Many different types of information were stolen, such as IT documentation, infrastructure tools, and source code. This includes the popular Wordle game.

According to the ‘readme’ file, the attacker used a GitHub token that was exposed to gain unauthorized access to the company’s repositories and steal data.

    Source: Bleeping computer

In a statement to BleepingComputer, The Times said the breach occurred in January 2024 after credentials for a cloud-based third-party code platform were exposed. A subsequent email confirmed this code platform was GitHub.

The company stated that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations.

Check Also

Google

Google patched 2 Android zero-days and 60 other flaws

In its April 2025 security update, Google patched 62 vulnerabilities in Android, including two zero-days …

Leave a Reply

Your email address will not be published. Required fields are marked *