Found 8 bookmarks
Custom sorting
Twilio denies breach following leak of alleged Steam 2FA codes
Twilio denies breach following leak of alleged Steam 2FA codes
Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. The threat actor, using the alias Machine1337 (also known as EnergyWeaponsUser), advertised a trove of data allegedly pulled from Steam, offering to sell it for $5,000. When examining the leaked files, which contained 3,000 records, BleepingComputer found historic SMS text messages with one-time passcodes for Steam, including the recipient's phone number. Owned by Valve Corporation, Steam is the world's largest digital distribution platform for PC games, with over 120 million monthly active users. Valve did not respond to our requests for a comment on the threat actor's claims. Independent games journalist MellolwOnline1, who is also the creator of the SteamSentinels community group that monitors abuse and fraud in the Steam ecosystem, suggests that the incident is a supply-chain compromise involving Twilio. MellowOnline1 pointed to technical evidence in the leaked data that indicates real-time SMS log entries from Twilio's backend systems, hypothesizing a compromised admin account or abuse of API keys.
#bleepingcomputer#EN#2025#Sale#SMS#Steam#Supply-Chain#Supply-Chain-Attack#Third-Party-Data-Breach#Twilio#denied
·bleepingcomputer.com·
Twilio denies breach following leak of alleged Steam 2FA codes
Linux wiper malware hidden in malicious Go modules on GitHub
Linux wiper malware hidden in malicious Go modules on GitHub
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them. Complete disk destruction The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named done.sh, runs a ‘dd’ command for the file-wiping activity. Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute. An analysis from supply-chain security company Socket shows that the command overwrites with zeroes every byte of data, leading to irreversible data loss and system failure. The target is the primary storage volume, /dev/sda, that holds critical system data, user files, databases, and configurations. “By populating the entire disk with zeros, the script completely destroys the file system structure, operating system, and all user data, rendering the system unbootable and unrecoverable” - Socket The researchers discovered the attack in April and identified three Go modules on GitHub, that have since been removed from the platform: github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy
#bleepingcomputer#EN#2025#Data-Wiper#GitHub#Golang#Linux#Server#supply-chain-attack
·bleepingcomputer.com·
Linux wiper malware hidden in malicious Go modules on GitHub
New details reveal how hackers hijacked 35 Google Chrome extensions
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
#bleepingcomputer#EN#2024#Chrome-extension#Cyberhaven#Data-Theft#Facebook#OAuth#Phishing#Supply-Chain-Attack
·bleepingcomputer.com·
New details reveal how hackers hijacked 35 Google Chrome extensions