The flaws, disclosed by Token Security, did not require malware or insider access, only a free Zapier account.
Tag: token
AI, Global Security News
AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
AI, Exploits, Global Security News, Risk Management
Zapier exploit chain shows how known anti-patterns compose into critical risk
A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the chain was a known anti-pattern. The composition across five systems was the finding. Zapier triaged the report…
AI, Global Security News
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying.…
AI, Data Breaches, Global Security News
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. […]
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Risk Management
Grafana confirms GitHub token breach; cybercrime group claims the attack
Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…
Global Security News
Grafana Says It Rejected Ransom Demand After Source Code Theft
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.
AI, Global Security News
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana…
Global Security News
When attackers already have the keys, MFA is just another door to open
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. […]
AI, Global Security News, Risk Management
AI agent intent is a starting point, not a security strategy
In this Help Net Security video, Itamar Apelblat, CEO of Token Security, walks through findings from the company’s research, which shows that 65% of agentic chatbots have never been used yet still hold live access credentials. He explains why organizations treat AI agents more like quick experiments than governed identities, and why that creates risks…
AI, Global Security News
F5 and NVIDIA advance AI factory economics with new capabilities for accelerated AI inference
F5 BIG-IP Next for Kubernetes accelerated with BlueField DPUs improves token throughput, reduces cost per token, and enables secure multi-tenant AI infrastructure, transforming AI factories for the agentic era
AI, Global Security News, Risk Management
Token Security advances AI agent protection with intent-based controls
Token Security has unveiled intent-based AI agent security, a new approach that governs autonomous agents in enterprise environments by aligning their permissions with their intended purpose. As organizations deploy autonomous AI agents across enterprise infrastructure, security models are struggling to contain the risks. Token Security has been advancing the concept of intent-based security for AI…
Global Security News
The Most Common Swap Scams in 2026, and How to Avoid Them
Swap scams target traders through fake DEX sites, token approvals, and phishing. Learn how to detect swap scams and protect funds before you swap now.
