Here are this week’s highlights in cybersecurity:

  • CircleCI, a SaaS used in Software Engineering for build and deploy pipelines, disclosed a security incident and is asking users to rotate secrets stored in the platform, project environment variables or contexts. More
  • Slack, disclosed a security incident in which hackers stole some of its private source code repositories, but claims impact is limited. Access was obtained via “employee tokens”. More
  • NortonLifeLock Password Manager was targeted by a credential stuffing attack. The company revealed that the attack compromised an undisclosed number of customer accounts. Account holders were notified that the content of their vault might have been accessed. More
  • CircleCI released an incident report on Friday detailing how last months compromise happened: an engineers computer was infected with malware that stole his SSO session cookie. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.