In a succinct blog post published today, GitHub acknowledged discovering this week that the RSA SSH private key for GitHub.com had been ephemerally exposed in a public GitHub repository.

“Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third-party secure file transfer system,” it said.

Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.

SideCopy APT traditionally uses spear phishing as its method to gain initial entry. Emails in the latest campaign purportedly contain research material about military technologies sent as attachments.

The Cybernews research team discovered that the South Korean social platform, powderroom.co.kr – which markets itself as the nation’s biggest beauty community – was leaking the private data of a million users.

Cisco published its semiannual IOS and IOS XE software security advisory bundle, which addresses ten vulnerabilities, including six ‘high-severity’ ones. The most important three security bugs can be exploited remotely to cause a DoS condition.

The company revealed that last month’s cyberattack directly impacted its employees’ information in the annual report filed with the U.S. Securities and Exchange Commission (SEC) on Wednesday.

The Soft Cell threat actor, also tracked by Microsoft as Gallium, is known to target unpatched internet-facing services and use tools like Mimikatz to obtain credentials that allow for lateral movement across the targeted networks.

Remote access provider Splashtop has acquired the server and network access management vendor Foxpass to get better visibility across co-managed and multi-tenant environments.

A new credit card stealing hacking campaign is doing things differently by hiding its malicious code inside the ‘Authorize.net’ payment gateway module for WooCommerce, allowing the breach to evade detection by security scans.