• bitcoinBitcoin (BTC) $ 72,859.00
  • ethereumEthereum (ETH) $ 2,241.15
  • tetherTether (USDT) $ 1.00
  • xrpXRP (XRP) $ 1.35
  • bnbBNB (BNB) $ 604.88
  • usd-coinUSDC (USDC) $ 0.999900
  • solanaSolana (SOL) $ 84.12
  • tronTRON (TRX) $ 0.317668
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.02
  • dogecoinDogecoin (DOGE) $ 0.092836
  • usdsUSDS (USDS) $ 0.999759
  • whitebitWhiteBIT Coin (WBT) $ 53.08
  • hyperliquidHyperliquid (HYPE) $ 42.35
  • leo-tokenLEO Token (LEO) $ 10.13
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • cardanoCardano (ADA) $ 0.249743
  • bitcoin-cashBitcoin Cash (BCH) $ 439.90
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • chainlinkChainlink (LINK) $ 9.00
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • moneroMonero (XMR) $ 339.14
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • zcashZcash (ZEC) $ 374.20
  • ethena-usdeEthena USDe (USDE) $ 0.999598
  • canton-networkCanton (CC) $ 0.146921
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • stellarStellar (XLM) $ 0.154013
  • memecoreMemeCore (M) $ 2.74
  • susdssUSDS (SUSDS) $ 1.08
  • daiDai (DAI) $ 1.00
  • litecoinLitecoin (LTC) $ 54.53
  • usd1-wlfiUSD1 (USD1) $ 0.999223
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • paypal-usdPayPal USD (PYUSD) $ 0.999924
  • avalanche-2Avalanche (AVAX) $ 9.27
  • rainRain (RAIN) $ 0.008119
  • wethWETH (WETH) $ 2,268.37
  • hedera-hashgraphHedera (HBAR) $ 0.088241
  • suiSui (SUI) $ 0.934242
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • usdt0USDT0 (USDT0) $ 0.998824
  • the-open-networkToncoin (TON) $ 1.40
  • crypto-com-chainCronos (CRO) $ 0.069657
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • tether-goldTether Gold (XAUT) $ 4,724.21
  • bittensorBittensor (TAO) $ 264.20
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.079121
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • pax-goldPAX Gold (PAXG) $ 4,733.08
  • mantleMantle (MNT) $ 0.679758
  • polkadotPolkadot (DOT) $ 1.28
  • global-dollarGlobal Dollar (USDG) $ 1.00
  • uniswapUniswap (UNI) $ 3.14
  • skySky (SKY) $ 0.078165
  • okbOKB (OKB) $ 85.43
  • falcon-financeFalcon USD (USDF) $ 0.997577
  • nearNEAR Protocol (NEAR) $ 1.35
  • pi-networkPi Network (PI) $ 0.167028
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • aster-2Aster (ASTER) $ 0.670289
  • htx-daoHTX DAO (HTX) $ 0.000002
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • usddUSDD (USDD) $ 1.00
  • pepePepe (PEPE) $ 0.000004
  • internet-computerInternet Computer (ICP) $ 2.53
  • ripple-usdRipple USD (RLUSD) $ 0.999941
  • aaveAave (AAVE) $ 91.65
  • bitget-tokenBitget Token (BGB) $ 1.95
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.12
  • bfusdBFUSD (BFUSD) $ 0.999799
  • ethereum-classicEthereum Classic (ETC) $ 8.36
  • ondo-financeOndo (ONDO) $ 0.253813
  • kucoin-sharesKuCoin (KCS) $ 8.56
  • gatechain-tokenGate (GT) $ 6.67
  • quant-networkQuant (QNT) $ 76.53
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • pump-funPump.fun (PUMP) $ 0.001824
  • render-tokenRender (RENDER) $ 2.03
  • morphoMorpho (MORPHO) $ 1.76
  • algorandAlgorand (ALGO) $ 0.107986
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.23
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • worldcoin-wldWorldcoin (WLD) $ 0.282669
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.085224
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • kaspaKaspa (KAS) $ 0.033001
  • cosmosCosmos Hub (ATOM) $ 1.78
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • nexoNEXO (NEXO) $ 0.893377
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • usdtbUSDtb (USDTB) $ 0.999564
  • ethenaEthena (ENA) $ 0.093486
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.05
  • blockchain-capitalBlockchain Capital (BCAP) $ 83.06
  • wbnbWrapped BNB (WBNB) $ 759.61
  • arbitrumArbitrum (ARB) $ 0.114530
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • filecoinFilecoin (FIL) $ 0.896074
  • midnight-3Midnight (NIGHT) $ 0.040744
  • aptosAptos (APT) $ 0.851677
  • ousgOUSG (OUSG) $ 114.87
  • flare-networksFlare (FLR) $ 0.007722
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • siren-2Siren (SIREN) $ 0.907517
  • official-trumpOfficial Trump (TRUMP) $ 2.82
  • hash-2Provenance Blockchain (HASH) $ 0.011313
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • justJUST (JST) $ 0.070543
  • beldexBeldex (BDX) $ 0.080012
  • xdce-crowd-saleXDC Network (XDC) $ 0.030685
  • vechainVeChain (VET) $ 0.007039
  • yldsYLDS (YLDS) $ 0.999918
  • dashDash (DASH) $ 46.27
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • jupiter-exchange-solanaJupiter (JUP) $ 0.164680
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • ghoGHO (GHO) $ 0.999647
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • stable-2​​Stable (STABLE) $ 0.026096
  • usual-usdUsual USD (USD0) $ 0.995217
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.237021
  • clbtcclBTC (CLBTC) $ 76,920.00
  • ravedaoRaveDAO (RAVE) $ 2.19
  • bonkBonk (BONK) $ 0.000006
  • layerzeroLayerZero (ZRO) $ 1.98
  • a7a5A7A5 (A7A5) $ 0.012627
  • true-usdTrueUSD (TUSD) $ 0.999303
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.49
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • dexeDeXe (DEXE) $ 9.77
  • adi-tokenADI (ADI) $ 4.34
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.673678
  • tbtctBTC (TBTC) $ 70,942.00
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.006714
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • euro-coinEURC (EURC) $ 1.17
  • decredDecred (DCR) $ 23.37
  • chilizChiliz (CHZ) $ 0.039341
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999294
  • blockstackStacks (STX) $ 0.216523
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • monadMonad (MON) $ 0.035635
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • venice-tokenVenice Token (VVV) $ 8.46
  • tezosTezos (XTZ) $ 0.354359
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • sei-networkSei (SEI) $ 0.055475
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • usxUSX (USX) $ 0.999483
  • cocaCOCA (COCA) $ 1.30
  • aerodrome-financeAerodrome Finance (AERO) $ 0.391654
  • hastra-primePRIME (PRIME) $ 1.03
  • edgexedgeX (EDGE) $ 1.00
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • ether-fiEther.fi (ETHFI) $ 0.441241
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • sun-tokenSun Token (SUN) $ 0.018000
  • kinesis-goldKinesis Gold (KAU) $ 143.81
  • curve-dao-tokenCurve DAO (CRV) $ 0.219995
  • apenftAINFT (NFT) $ 0.00000033
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • gnosisGnosis (GNO) $ 122.60
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • bittorrentBitTorrent (BTT) $ 0.00000033
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • bitcoin-svBitcoin SV (BSV) $ 15.92
  • plasmaPlasma (XPL) $ 0.130560
  • injective-protocolInjective (INJ) $ 3.01
  • spx6900SPX6900 (SPX) $ 0.322779
  • kinesis-silverKinesis Silver (KAG) $ 75.36
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • lighterLighter (LIT) $ 1.14
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • lido-daoLido DAO (LDO) $ 0.331336
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • flokiFLOKI (FLOKI) $ 0.000029
  • conflux-tokenConflux (CFX) $ 0.053937
  • noonNoon (NOON) $ 0.751949
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • ape-and-pepeApe and Pepe (APEPE) $ 0.000001
  • kaiaKaia (KAIA) $ 0.047502
  • celestiaCelestia (TIA) $ 0.306487
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • usdaiUSDai (USDAI) $ 0.999907
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • doublezeroDoubleZero (2Z) $ 0.078996
  • fraxLegacy Frax Dollar (FRAX) $ 0.992630
  • syrupMaple Finance (SYRUP) $ 0.235032
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • official-foOfficial FO (FO) $ 0.266047
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
  • pyth-networkPyth Network (PYTH) $ 0.046172
Bitcoin

Over 80,000 sensitive password and key files leaked online

By admin
0 59

Over 80,000 sensitive password and key files leaked online

Cybersecurity firm watchTowr has uncovered a trove of leaked passwords, access keys, and sensitive configuration files that were unintentionally exposed from popular online formatting tools, JSON formatter, and CodeBeautify.

watchTowr Labs said it collected a dataset containing more than 80,000 files from sites used to format and validate code. Within those files, researchers found usernames, passwords, repository authentication keys, Active Directory credentials, database connection strings, FTP credentials, cloud environment access keys, LDAP configuration details, helpdesk API keys, and even recordings of SSH sessions.

“We’ve been rifling through platforms that developers use to quickly format their input – like JSONFormatter and CodeBeautify. And yes, you are correct – it went exactly as badly as you might expect,” watchTowr’s blog post published on Tuesday.

Online utilities such as JSONFormatter and CodeBeautify are meant to beautify or validate data formats, where devs paste snippets of code or configuration files into them to troubleshoot formatting issues. But according to researchers, many employees are unknowingly pasting entire files that contain live secrets from production systems.

JSON and CodeBeautify leak data from government, banks, and healthcare

According to the security firm, the leaked data flaw has yet to affect three platforms, including GitHub repositories, Postman workspaces, and DockerHub containers. However, it found five years of historical content from JSONFormatter and one year of historical content from CodeBeautify, totaling more than 5 gigabytes of enriched and annotated JSON material.

“The popularity is so great that the sole developer behind these tools is fairly inspired – with a typical visit to any tool homepage triggering 500+ web requests pretty quickly to generate what we assume is some sweet, sweet affiliate marketing revenue,” the cybersecurity group explained.

watchTowr Labs said organizations from industries like national infrastructure, government agencies, major financial institutions, insurance companies, technology providers, retail firms, aerospace organizations, telecoms, hospitals, universities, travel businesses, and even cybersecurity vendors have all had their private information exposed.

“These tools are extremely popular, appearing near the top of search results for terms like ‘JSON beautify’ and ‘best place to paste secrets’ (probably, unproven), used by organizations and administrators in both enterprise environments and for personal projects,” Security researcher Jake Knott wrote in the blog post.

watchTowr Labs listed several categories of sensitive data found within the exposed files like Active Directory credentials, code repository authentication keys, database access details, LDAP configuration information, cloud environment keys, FTP login credentials, CI/CD pipeline keys, private keys, and full API requests and responses with sensitive parameters.

Investigators also mentioned Jenkins secrets, encrypted configuration files belonging to a cybersecurity firm, Know Your Customer information from banks, and AWS credentials belonging to a major financial exchange that were connected to Splunk systems.

watchTowr: Malicious actors are scraping the leaks

According to watchTowr Labs’ damage analysis, many of the leaked keys have been collected and tested by unknown parties. In an experiment, researchers uploaded fake AWS access keys to one of the formatting platforms, and in just under two days, malicious actors attempted to abuse the credentials.

“Mostly because someone is already exploiting it, and this is all really, really stupid,” Knott continued, “we don’t need more AI-driven agentic agent platforms; we need fewer critical organizations pasting credentials into random websites.”

JSONFormatter and CodeBeautify temporarily disabled their save functionality in September, when the security flaw was brought to their attention. JSONFormatter it was “working on to make it better,” while CodeBeautify said it was implementing new “enhanced NSFW (Not Safe For Work) content prevention measures.”

Security issue in HashiCorp’s Vault Terraform Provider

Away from the leaked credentials, the San Francisco-based IBM company HashiCorp found a vulnerability that could allow attackers to bypass authentication in its Vault Terraform Provider. The firm provides developers, businesses, and security organizations with cloud-computing infrastructure and protection services.

Per the software company’s findings shared on Tuesday, the Vault Terraform flaw affects versions v4.2.0 through v5.4.0 from an insecure default configuration in the LDAP authentication method.

The issue arises because the “deny_null_bind” parameter is set to false instead of true when the provider configures Vault’s LDAP authentication backend. The parameter determines if the Vault rejects a wrong password or unauthenticated binds.

If the connected LDAP server allows anonymous binds, attackers can authenticate and access accounts without any valid credentials.

Source

admin 19949 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.