Clavitor

23 posts

@clavitorai

Password management built for humans with AI assistants

Zurich, Switzerland · Joined March 2026
172 Following · 5 Followers

Clavitor @clavitorai
One unsanitized semicolon in a git push option gave read access to millions of private repos on GitHub.com. Private means 'we promise not to show it.' Not 'we can't show it.'
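Added example, not GitHub's code and not a reconstruction of the bug in the post: a server-side pre-receive hook that allowlists push options by shape instead of stripping one separator. git hands push options to hooks through GIT_PUSH_OPTION_COUNT and GIT_PUSH_OPTION_n (githooks(5)); the permitted option names and the value character set are assumptions for this example.

```python
"""Server-side pre-receive hook: allowlist git push options by shape.

Added example, not GitHub's code. git exposes push options to hooks as
GIT_PUSH_OPTION_COUNT and GIT_PUSH_OPTION_<n> (githooks(5)). The permitted
option names and value character set below are assumptions for this example.
"""
import os
import re
import sys

# Assumed policy: a closed set of option names, key=value with a tight value charset.
ALLOWED_OPTIONS = {"ci.skip", "merge_request.target"}
OPTION_RE = re.compile(r"(?P<key>[a-z][a-z_.]{0,31})(?:=(?P<value>[A-Za-z0-9._/-]{1,128}))?")


def validate_push_option(opt: str) -> tuple[bool, str]:
    """Return (ok, reason). Anything outside the allowlisted shape is rejected.

    fullmatch() is deliberate: re.match() with '$' would accept a trailing
    newline, and a denylist of ';' would miss whatever the next consumer of
    the string treats as a separator.
    """
    m = OPTION_RE.fullmatch(opt)
    if not m:
        return False, f"malformed push option: {opt!r}"
    if m.group("key") not in ALLOWED_OPTIONS:
        return False, f"unknown push option: {m.group('key')!r}"
    return True, "ok"


def validate_env(env: dict) -> list:
    """Check every GIT_PUSH_OPTION_<n> in env; return the list of rejection reasons."""
    try:
        count = int(env.get("GIT_PUSH_OPTION_COUNT", "0"))
    except ValueError:
        return ["GIT_PUSH_OPTION_COUNT is not an integer"]
    problems = []
    for i in range(count):
        ok, reason = validate_push_option(env.get(f"GIT_PUSH_OPTION_{i}", ""))
        if not ok:
            problems.append(reason)
    return problems


if __name__ == "__main__":
    # Installed as hooks/pre-receive: a non-zero exit rejects the push.
    rejected = validate_env(os.environ)
    for reason in rejected:
        print(f"rejected: {reason}", file=sys.stderr)
    sys.exit(1 if rejected else 0)
```

The check is on the shape of the whole string, so a semicolon, a newline, or a quote fails the same way as any other character outside the allowlist; the allowlist is what has to be maintained, not a list of bad bytes.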

Clavitor @clavitorai
73 malicious VS Code extensions just got pulled. GlassWorm malware sitting in the marketplace as sleeper packages. Your code editor has read access to every file on your machine. Every .env. Every key. Every credential. Nobody audits extension permissions. They click Install and get back to work.

Clavitor @clavitorai
Police drew a circle on a map. Google returned everyone inside it. The Supreme Court is debating the circle. Nobody's questioning the list.

Clavitor @clavitorai
40,000 people recorded their voice for an AI training gig. Mercor stored it next to their passport scan and selfie. Lapsus$ now has the full kit: a cloneable voice, a matching face, and a government ID. You can rotate a password. You can't rotate your voice.

Clavitor @clavitorai
ClickUp hardcoded an API key in their page source JavaScript. One GET request. 959 email addresses. 3,165 internal feature flags. Employees from Home Depot, Fortinet, Tenable, Mayo Clinic. The key was right there in the HTML. No scope. No rate limit. No expiry. Just a string anyone could copy. API keys are credit cards without spending limits and without a PIN code.
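Added example, not ClickUp's code: a scan for the pattern the post describes, a credential assigned in page-source JavaScript. Assignment-style matches are filtered by Shannon entropy so templated placeholders do not fire, and vendor-prefixed keys with a publicly documented shape are matched directly. The sample page and its values are constructed (the AKIA value is the example access key ID from AWS's own documentation).

```python
"""Find credentials hardcoded in page source.

Added example, not ClickUp's code. The sample HTML below is constructed; the
apiKey value is made up and the AKIA value is AWS's documented example ID.
"""
import math
import re

# Assignment-style leaks: apiKey: "...", api_key = '...', token: "..."
ASSIGN_RE = re.compile(
    r"""\b(?P<name>api[_-]?key|secret|token|password)[ \t]*[:=][ \t]*['"](?P<value>[^'"\s]{16,})['"]""",
    re.IGNORECASE,
)
# Vendor prefixes with a fixed, documented shape.
PREFIX_RE = re.compile(r"(?P<value>AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})")
PREFIX_NAME = {"AKIA": "AWS access key ID", "ghp_": "GitHub personal access token"}

SAMPLE_HTML = """<html><head>
<script>
  window.APP_CONFIG = {
    apiKey: "pk_a1B2c3D4e5F6g7H8i9J0kLmN",
    endpoint: "/api/v2/flags",
    token: "xxxxxxxxxxxxxxxxxxxxxxxx"
  };
  var uploads = "AKIAIOSFODNN7EXAMPLE";
</script>
</head></html>"""


def shannon_entropy(s: str) -> float:
    """Bits per character; placeholders like 'xxxx...' score near zero."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def _finding(name: str, value: str, source: str, pos: int) -> dict:
    return {
        "name": name,
        "line": source.count("\n", 0, pos) + 1,
        "entropy": round(shannon_entropy(value), 2),
        "preview": value[:6] + "...",  # never log the full value
    }


def find_secrets(source: str, min_entropy: float = 3.0) -> list:
    """Return one finding per suspected credential, with its line number."""
    findings, seen = [], set()
    for m in ASSIGN_RE.finditer(source):
        value = m.group("value")
        if shannon_entropy(value) < min_entropy:
            continue  # low-entropy filler, almost certainly a template placeholder
        seen.add(m.start("value"))
        findings.append(_finding(m.group("name"), value, source, m.start("value")))
    for m in PREFIX_RE.finditer(source):
        if m.start("value") in seen:
            continue
        value = m.group("value")
        findings.append(_finding(PREFIX_NAME[value[:4]], value, source, m.start("value")))
    return findings


if __name__ == "__main__":
    for f in find_secrets(SAMPLE_HTML):
        print(f"line {f['line']}: {f['name']} ({f['preview']}, entropy {f['entropy']})")
```

Run this over every script the page loads, not just the inline HTML, and treat a hit as a rotation, not a reconnaissance note: the key is already public. The entropy threshold suppresses placeholders, which also means a real low-entropy key slips through; a vendor-prefix rule is the reliable signal where one exists.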

Clavitor @clavitorai
An AI coding agent deleted a startup's production database. Not a hack. Not a bug. The agent used exactly the credentials it was given. Everyone's debating AI guardrails. Nobody's asking why a coding assistant had DROP TABLE on production.
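Added example, not the startup's or the agent's code: the post's question answered at the connection level with sqlite3's authorizer hook, so the handle the agent is given can read, insert and update but cannot DELETE or DROP no matter what the agent decides to do. The schema is constructed.

```python
"""A database handle an agent cannot use to drop or delete, enforced by the
connection itself rather than by a prompt.

Added example using sqlite3's authorizer hook; not the code of the startup or
agent in the post. The users table is constructed.
"""
import sqlite3

# Actions the agent role may perform. Everything else (DELETE, DROP, ALTER,
# PRAGMA, ATTACH, ...) is denied at statement compile time.
ALLOWED = {
    sqlite3.SQLITE_SELECT,
    sqlite3.SQLITE_READ,
    sqlite3.SQLITE_INSERT,
    sqlite3.SQLITE_UPDATE,
    sqlite3.SQLITE_FUNCTION,
    sqlite3.SQLITE_TRANSACTION,
}


def agent_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY


def setup_production(conn: sqlite3.Connection) -> None:
    """Operator step: create and seed the data before the handle is handed over."""
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT NOT NULL);"
        "INSERT INTO users(email) VALUES ('a@example.com'), ('b@example.com');"
    )


def restrict_to_agent_role(conn: sqlite3.Connection) -> None:
    """From this call on, the connection is the agent's: DROP/DELETE raise."""
    conn.set_authorizer(agent_authorizer)


def run_as_agent(conn: sqlite3.Connection, sql: str):
    """Execute one statement; return ('ok', rows) or ('denied', message)."""
    try:
        rows = conn.execute(sql).fetchall()
        conn.commit()
        return "ok", rows
    except sqlite3.DatabaseError as e:  # 'not authorized' surfaces here
        return "denied", str(e)


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    setup_production(conn)
    restrict_to_agent_role(conn)
    return {
        "select": run_as_agent(conn, "SELECT email FROM users ORDER BY id")[0],
        "insert": run_as_agent(conn, "INSERT INTO users(email) VALUES ('c@example.com')")[0],
        "delete": run_as_agent(conn, "DELETE FROM users")[0],
        "drop": run_as_agent(conn, "DROP TABLE users")[0],
        "rows_after": conn.execute("SELECT COUNT(*) FROM users").fetchone()[0],
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

UPDATE is still allowed here, so this role is not read-only and a careless agent can still corrupt rows; narrow ALLOWED further if the task does not need writes. On a server database the same shape is a dedicated role with SELECT/INSERT/UPDATE granted on the specific tables and no ownership, since DROP requires ownership and DELETE is a privilege that is simply never granted.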

Clavitor @clavitorai
Headspace is silently reinstalling on iPhones. Automatic downloads: off. The setting said no. The phone said yes. A toggle is a policy. Not a constraint. The platform decides what your preferences actually mean.

Clavitor @clavitorai
A new K8s tool uses kernel-level eBPF to swap placeholder tokens for real secrets in flight — so the app never sees the actual credential. We're writing kernel interceptors to hide secrets from our own code. That's not a feature. That's a confession.

Clavitor @clavitorai
DragonForce is targeting SimpleHelp because it's an RMM tool. One compromised RMM = every client network, simultaneously. Ransomware gangs stopped picking locks. They're stealing the master key.

Clavitor @clavitorai
Someone at Rode has the private key that matches the SSH keys pre-installed on every Rodecaster Duo ever sold. A podcast mixer. With root access. On your network. No firmware signature checks. Your attack surface is every device you forgot is a computer.

Clavitor @clavitorai
Vercel was breached for two months before anyone noticed. The attacker read customer environment variables — API keys, database passwords, Stripe secrets. Vercel's fix: 'Enable the sensitive environment variable feature.' Translation: the encryption you thought was protecting your secrets wasn't. You had to check a box to get real encryption. Most people didn't. API keys are credit cards without spending limits and without a PIN code. For two months, someone had yours.

Clavitor @clavitorai
A developer went through two rounds of interviews with a fake company. Real website. Real faces. Deepfake video calls. Then they ran the coding challenge. 56 seconds later: 634 Chrome passwords, the macOS Keychain, and crypto wallet data — all gone. The passwords were 'encrypted.' The decryption key was on the same disk. That's not encryption. That's a filing system.

Clavitor @clavitorai
Yesterday a compromised Bitwarden CLI harvested SSH keys, cloud credentials, and npm tokens from 334 developer machines. The malware didn't touch the vault. It didn't need to. Every secret was a plaintext file in a predictable location. ~/.ssh/, ~/.aws/, ~/.npmrc, ~/.env — all readable by any process. Your vault protects your passwords. Everything else is wide open.
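Added example, not Bitwarden's code: an audit of the plaintext credential files the post lists, reporting for each one whether it exists, whether it is readable beyond the owner, and whether it holds a live value rather than an empty template. The sample home directory is constructed in a temp dir, the mode bits are POSIX, and the credential values in it are fakes or AWS's documented example values.

```python
"""Audit the plaintext credential files every local process can read.

Added example, not Bitwarden's code. The file list is a starting point, not a
complete inventory; the sample home directory is constructed in a temp dir.
"""
import re
import stat
import tempfile
from pathlib import Path

# Files the post names, plus ~/.aws/credentials, each with a pattern that
# indicates a live value rather than an empty template line.
CREDENTIAL_FILES = {
    ".ssh/id_rsa": re.compile(r"-----BEGIN (?:OPENSSH |RSA |EC )?PRIVATE KEY-----"),
    ".ssh/id_ed25519": re.compile(r"-----BEGIN OPENSSH PRIVATE KEY-----"),
    ".aws/credentials": re.compile(r"^aws_secret_access_key[ \t]*=[ \t]*\S+", re.M),
    ".npmrc": re.compile(r"_authToken[ \t]*=[ \t]*\S+"),
    ".env": re.compile(r"^[A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*[ \t]*=[ \t]*\S+", re.M),
}


def audit(home) -> list:
    """One finding per credential file present under home."""
    home = Path(home)
    findings = []
    for rel, pattern in CREDENTIAL_FILES.items():
        p = home / rel
        if not p.is_file():
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        try:
            text = p.read_text(errors="replace")
        except OSError:
            text = ""
        findings.append({
            "path": rel,
            "mode": oct(mode),
            # Worse than the baseline: other accounts on the host can read it too.
            "group_or_world_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            # The baseline problem from the post: a live secret any of your own
            # processes can read, whatever the mode bits say.
            "contains_credential": bool(pattern.search(text)),
        })
    return findings


def build_sample_home() -> Path:
    """Constructed sample: a fake SSH key, an AWS credentials file, a templated .env."""
    home = Path(tempfile.mkdtemp(prefix="audit-demo-"))
    (home / ".ssh").mkdir()
    key = home / ".ssh" / "id_ed25519"
    key.write_text("-----BEGIN OPENSSH PRIVATE KEY-----\nNOTAREALKEY\n-----END OPENSSH PRIVATE KEY-----\n")
    key.chmod(0o600)
    (home / ".aws").mkdir()
    creds = home / ".aws" / "credentials"
    creds.write_text(
        "[default]\n"
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"            # AWS documentation example
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    )
    creds.chmod(0o644)  # the common mistake: readable by every account on the host
    (home / ".env").write_text("DATABASE_URL=\nSTRIPE_SECRET_KEY=\n")  # template, no values
    return home


if __name__ == "__main__":
    for f in audit(Path.home()):
        print(f)
```

A 0600 mode is the best case and still means every process you run, including a compromised CLI, reads the file; the mode column only flags the worse case where other accounts can as well. The fix for the baseline is not a permission bit but moving the value out of the file: an agent-backed SSH key, a credential_process entry for AWS, a registry token sourced at use time rather than stored in .npmrc.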

Clavitor @clavitorai
Buried in the Claude Code leak: x402 mentioned dozens of times. Anthropic is building autonomous micropayment hooks directly into Claude agents. Agents that spend money autonomously need credentials to do it. Scoped. Auditable. Revocable. Not a .env file.

Clavitor @clavitorai
An Anthropic engineer's agent just leaked Claude Code's source map. Not a hack. Not malice. An agent with access to things it shouldn't have, doing something automatically. This is the threat model nobody talks about: your own agents. Scoped credentials. Audit logs. Revocation. That's the only answer.

Clavitor @clavitorai
Google just put a deadline on the encryption protecting your passwords. Not just Bitcoin. Every password manager running elliptic curve cryptography has the same exposure. 2029 is closer than it sounds. The question is no longer "if" — it's whether your vault was built for what's coming. research.google/blog/safeguard

Clavitor @clavitorai
The LastPass settlement emails went out this week. $25 for your breach. Here's the part nobody's saying: even a perfectly honest LastPass has the same problem. The operator can read your vault by design. That's the architecture. Nobody's fixed it. #LastPass #cybersecurity

Clavitor @clavitorai
Serious question: is there a password manager where the operator literally cannot read your vault? Not 'we promise we won't.' Not 'we use encryption.' Actually. Cannot. Read. It. Asking because the LastPass architecture was the problem. Not just the breach.

Clavitor @clavitorai
LastPass was hacked. Your password manager can read your vault. vault1984 is now in Zürich 🇨🇭, and your AI agents have access. Nobody else. Steal the database? You get noise. Free until May 1st. #Switzerland #Privacy

Clavitor @clavitorai
LastPass got breached. Your current password manager can read your vault. vault1984 just landed in Zürich 🇨🇭 — your vault in Europe, your AI agents the only ones with the key. Steal the database. You get ciphertext. Free till May 1st. #Switzerland #privacy