credential leak

Hackers are increasing scans for leaked Git configuration files, which can expose sensitive data like tokens and credentials. A report by GreyNoise highlighted a surge in scans from April 20-21, 2025, with nearly 4,800 unique IPs detected, predominantly from Singapore, the U.S., and Germany. These exposed Git files often lead to significant security breaches, allowing unauthorized access to cloud services and repositories. To mitigate risks, experts recommend blocking access to .git/ directories and monitoring logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/hackers-ramp-up-scans-for-leaked-git-tokens-and-secrets/

The Great Google Ads Heist: Criminals Ransack Advertiser Accounts Via Fake Google Ads

Extreme TLDR: Criminals are phishing Google Ads accounts by creating fake Google ads leading to counterfeit login pages on Google Sites. They steal credentials to resell accounts and finance other scams, targeting ads' profitability. Major phishing operations linked to Brazilian and Asian groups have been identified, exploiting vulnerabilities in Google's ad ecosystem.

https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads

Hackers Ramp up Scans for Leaked Git Tokens and Secrets

The Great Google Ads Heist: Criminals Ransack Advertiser Accounts Via Fake Google Ads