North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

FBI warns that North Korea–linked APT group Kimsuky is targeting governments, think tanks, and academic institutions with quishing attacks. North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. “As of 2025, Kimsuky actors have targeted think tanks, academic […]

January 10, 2026

Illinois Department of Human Services (IDHS) suffered a data breach that impacted 700K individuals

Illinois Department of Human Services (IDHS) exposed personal and health data of nearly 700,000 residents due to incorrect privacy settings. The Illinois Department of Human Services (IDHS) disclosed a data breach after misconfigured privacy settings exposed personal and health data of nearly 700,000 residents. On September 22, 2025, IDHS discovered that internal maps meant […]

January 10, 2026

Trend Micro fixed a remote code execution in Apex Central

Trend Micro fixed three Apex Central flaws discovered by Tenable that could allow remote code execution or denial-of-service attacks. Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code. The researchers discovered the vulnerabilities, which could enable remote code execution or denial-of-service attacks, in August 2025. […]

January 9, 2026

Iran cuts Internet nationwide amid deadly protest crackdown

Iran shut down the internet as protests spread nationwide. Dozens were killed in a violent crackdown amid soaring inflation and a collapsing currency. Iran has shut down the internet nationwide as protests spread across multiple cities. Security forces responded with a violent crackdown that reportedly killed dozens. Demonstrations continued despite the blackout, with shops closing […]

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers; it conducts espionage by deeply embedding in victim networks and also operates Operational […]

January 9, 2026

Chinese-speaking hackers exploited ESXi zero-days long before disclosure

Chinese-speaking attackers used a hacked SonicWall VPN to deploy ESXi zero-days that were likely exploited over a year before public disclosure. Chinese-speaking attackers were seen abusing a hacked SonicWall VPN to deliver a toolkit targeting VMware ESXi. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year […]

January 9, 2026

I was one of the 91 users affected by the Mintlify token leak — here’s what I learned

In March 2024, I got a crash course in third-party OAuth risk when my company’s private GitHub repos were cloned and republished by an attacker. The vector: a security incident at Mintlify, a YC-backed documentation platform.

What happened to me:

On March 1st, I noticed someone had accessed my Mintlify dashboard and changed my documentation repository settings. Within hours, all my private repos had been forked and republished publicly. The attacker had used my GitHub access token — which Mintlify stored to sync documentation from my repos.

I reported it immediately. Mintlify’s team (shoutout to Hahnbee) was responsive and worked through the weekend to revoke tokens, patch endpoints, and lock things down.

The bigger picture:

Mintlify published a full incident report: mintlify.com/blog/incident-march-13

The short version: attackers gained access to admin tokens, which led to 91 GitHub tokens being compromised. They confirmed at least one customer’s repository was accessed using those tokens (that was me). They responded by:

  • Revoking all GitHub tokens
  • Rotating internal secrets
  • Partnering with a cybersecurity firm (Oneleet)
  • Re-auditing their SOC 2 certification

Credit where it’s due — they handled the response professionally and were transparent about what happened.

Why I’m posting this:

Not to bash Mintlify. Breaches happen, and their response was solid. But this incident changed how I think about OAuth integrations.

When you connect a docs platform to your GitHub, you’re granting read access to your repos. Most of us click “Authorize” without thinking twice. I certainly did. The convenience of auto-syncing docs from your repo comes with real risk if that platform gets compromised.

After the incident, I spent a few weeks building my own free alternative (https://vellocs.dev) — partly as a learning exercise, partly because I wanted more control over what has access to my repos.

Takeaways:

  1. Audit your OAuth connections regularly: github.com/settings/apps/authorizations shows everything you’ve authorized
  2. Principle of least privilege — Does that docs tool really need access to all your repos, or just one?
  3. Incident response matters — Mintlify’s transparency post-breach was actually reassuring. A company that hides breaches is scarier than one that discloses them.

Anyone else been caught in a third-party breach like this? Curious how others think about OAuth risk.

submitted by /u/xenos_1337

January 8, 2026