Vulnerability


Over 1,000 ServiceNow Instances Found Leaking Corporate Knowledge Base Data

Over 1,000 ServiceNow instances are misconfigured, leading to the unintentional exposure of sensitive corporate Knowledge Base (KB) data

17-Sep-2024
5 min read


Related Articles


Teslamate

Over 1,300 TeslaMate servers exposed, leaking Tesla owners’ locations, trips, an...

A striking reminder of the dangers of unsecured self-hosted platforms surfaced when a security researcher revealed that over 1,300 TeslaMate servers were publicly exposed online, inadvertently disclosing sensitive Tesla vehicle data. The discovery highlights a growing cybersecurity challenge: how everyday consumers, empowered by open-source tools, may inadvertently create significant privacy vulnerabilities. This Threatfeed examines the incident in detail, analyzes the cybersecurity implications, and offers practical guidance for Tesla owners and self-hosting enthusiasts seeking to safeguard their data.

## Hundreds of TeslaMate Dashboards Left Wide Open

The discovery was made by **Seyfullah Kiliç**, founder of the Turkish cybersecurity company **SwordSec**. Kiliç mapped and analyzed hundreds of TeslaMate servers — an open-source platform that allows Tesla owners to self-host dashboards tracking their vehicles’ health and usage. His findings were alarming.

More than **1,300 dashboards** were found to be accessible without authentication. In many cases, no password protection or firewall rules were in place, meaning **anyone on the internet could view the data**. The information exposed included:

* GPS location and real-time tracking
* Trip histories with precise timestamps
* Vehicle model and specifications
* Battery health and charging sessions
* Driving behaviors and routes

For Tesla owners, this was more than just a technical issue; it was a blueprint of their daily life patterns, revealing where they live, work, and travel.

## Why This Exposure Matters

At first glance, some might view the leakage as little more than a hobbyist mishap. However, in the era of widespread cybercrime, such oversights carry significant consequences.

1. **Physical Security Risks**: Real-time GPS data could allow malicious actors to track when a car (and its owner) is home, away, or on vacation.
2. **Targeted Crime**: Thieves could exploit data about charging patterns or vehicle locations to identify vulnerable targets.
3. **Identity and Privacy Concerns**: Combined with other datasets, exposed TeslaMate logs could help build detailed profiles of individuals, including their routines and personal habits.
4. **Cybersecurity Attack Surface**: Exposed servers may provide an entry point for further exploitation, especially if misconfigured systems contain other vulnerabilities.

This is not just about Tesla or car enthusiasts; it’s a textbook example of how **self-hosted tools, if mismanaged, can become privacy liabilities**.

## From Dozens to Over a Thousand

Back in 2022, only “dozens” of TeslaMate dashboards were reported as publicly exposed. Fast-forward to 2025, and the number has skyrocketed past **1,300**, showing an alarming growth curve. Why the surge?

* **Popularity of TeslaMate**: As Tesla’s global customer base grows, more owners are attracted to TeslaMate’s ability to visualize vehicle data without relying on Tesla’s own servers.
* **Ease of Self-Hosting**: The rise of home labs, Docker containers, and affordable cloud services makes it easier for average users to spin up dashboards — but not all understand the security implications.
* **Configuration Missteps**: Many users either fail to set up authentication or leave servers exposed due to incorrect firewall settings.

In other words, the democratization of data logging has created **an army of unsecured endpoints**, each one a potential privacy breach.

## What Is TeslaMate and Why Do Owners Use It?

TeslaMate is an **open-source data logger and visualization platform** developed by Adrian Kumpf. It provides detailed insights into Tesla vehicles that go beyond what Tesla’s official app offers, including:

* Long-term battery health monitoring
* Detailed charging statistics and costs
* Route visualizations and driving efficiency metrics
* Custom dashboards powered by Grafana

The appeal is clear: TeslaMate gives owners **full ownership of their vehicle data**. Unlike Tesla’s cloud services, which operate as a black box, TeslaMate allows transparency and historical analysis. However, the catch is equally clear: **with great data ownership comes great responsibility.**

## Mapping the Problem

Kiliç didn’t merely identify exposed dashboards — he **mapped them visually**, creating a geographic snapshot of where these servers were located. The data illustrated just how widespread the problem is, with exposed dashboards in **Europe, North America, and Asia**. Importantly, the research was conducted in the spirit of awareness, not exploitation. Kiliç did not disclose specific server addresses but highlighted the scale to emphasize the need for urgent action.

## Implications Beyond Tesla

Although TeslaMate is at the center of this story, the lesson resonates far more broadly. Self-hosted, open-source platforms — whether for home automation, fitness tracking, or smart devices — are proliferating. Each misconfigured server represents:

* A **privacy risk**: sensitive personal data leaking into the public domain.
* A **cybersecurity risk**: attack surfaces that could be exploited.
* A **societal challenge**: how to balance the benefits of open-source empowerment with the responsibilities of secure deployment.

This incident is, in many ways, **a case study in the hidden risks of the DIY internet.**

## How TeslaMate Users Can Protect Their Data

For Tesla owners using TeslaMate, the good news is that these exposures are **not due to a fundamental flaw in the software**, but rather **misconfigurations by users**. Adrian Kumpf, TeslaMate’s developer, has already released fixes aimed at reducing accidental exposures. Still, ultimate responsibility rests with the host. Here are the key steps TeslaMate users should take:

### 1. Enable Authentication

Ensure your TeslaMate dashboards require a strong username and password. Default or empty authentication is the primary cause of exposure.

### 2. Use a Firewall or VPN

Restrict access to your server by setting firewall rules or hosting TeslaMate behind a VPN. Only authorized devices should connect.

### 3. Avoid Public Exposure

Do not expose TeslaMate dashboards directly to the public internet. Instead, keep them on a private network or behind a reverse proxy with SSL.

### 4. Update Regularly

Always run the latest version of TeslaMate and supporting software (Grafana, PostgreSQL, etc.), as updates often include important security fixes.

### 5. Monitor Logs

Review access logs to detect any unusual activity. Anomalies may indicate that unauthorized access attempts are being made.

## Tesla’s Role in the Ecosystem

While Tesla itself was not directly responsible for these exposures, the company has a stake in how its data is handled. The popularity of TeslaMate points to **a gap in Tesla’s official data offerings**. Many owners seek more granular insights than Tesla provides, prompting them to turn to third-party tools. Some experts argue that Tesla could help mitigate risks by:

* Offering **more transparent APIs** for owners who want deeper analytics.
* Providing **official guidance** on safe use of third-party data loggers.
* Educating users on the dangers of unsecured self-hosting.

This would not only protect owners but also reinforce trust in Tesla’s broader ecosystem.

The TeslaMate exposure is not an isolated problem. It reflects a broader trend where **self-hosted open-source tools, when poorly secured, become ticking time bombs.**

* **Home automation platforms** like Home Assistant have faced similar issues.
* **Fitness data trackers** and IoT devices often leak personal data when misconfigured.
* **Cloud misconfigurations** in Amazon AWS or Google Cloud have repeatedly exposed sensitive corporate data.

In every case, the pattern is the same: **misconfiguration, lack of awareness, and unintended exposure.** For Tesla owners, the takeaway is simple: if you use TeslaMate, secure it as carefully as you would your car itself. For the broader community, the lesson is universal: owning your data comes with the responsibility to protect it. As open-source adoption accelerates, incidents like this may become more common. However, with the proper security practices, users can enjoy the benefits of transparency and control without compromising their privacy.
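The five hardening steps above end with "review access logs", which is easy to say and rarely done. The following added example (written for this page; it is not TeslaMate's own code and does not come from the article or from SwordSec) shows one concrete way a self-hoster can do that review: a small Python audit over the access log of the reverse proxy that step 3 recommends putting in front of TeslaMate and Grafana. It assumes the proxy writes nginx "combined" format lines, that `TRUSTED_NETS` holds the owner's LAN and VPN ranges (step 2), and that `SENSITIVE_PREFIXES` are representative dashboard and API paths; all of those values, and the log lines in `SAMPLE_LOG`, are constructed for illustration. A `200` on a dashboard path from an address outside the trusted ranges means steps 1 to 3 have failed somewhere; a run of `401`/`403` responses from one address is credential guessing against the authentication added in step 1.

```python
"""
Audit a reverse-proxy access log for a self-hosted TeslaMate/Grafana dashboard.

Added example, not TeslaMate's own code. Assumptions (not from the article):
the dashboards sit behind a reverse proxy that writes nginx "combined" format
logs, TRUSTED_NETS lists the home LAN and VPN ranges, and SENSITIVE_PREFIXES
are representative dashboard/API paths. SAMPLE_LOG is constructed.
"""
import ipaddress
import re
from collections import Counter

# Networks from which dashboard access is expected (home LAN and VPN). Assumed values.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                ipaddress.ip_network("10.8.0.0/24")]

# Path prefixes that serve vehicle data (assumed representative of the TeslaMate
# UI and Grafana dashboard/API routes). str.startswith accepts a tuple.
SENSITIVE_PREFIXES = ("/d/", "/api/", "/dashboards", "/geofences", "/settings")

# nginx "combined" format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: a LAN user, a VPN user, an external reader that received
# dashboard data without logging in, an external host guessing passwords, and
# one junk line to exercise the parser's failure path.
SAMPLE_LOG = [
    '192.168.1.23 - - [26/Aug/2025:08:01:12 +0000] "GET /d/abc123/overview HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [26/Aug/2025:08:02:40 +0000] "GET /d/abc123/overview HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [26/Aug/2025:08:02:41 +0000] "GET /api/datasources/proxy/1/query HTTP/1.1" 200 900 "-" "python-requests/2.31"',
    '198.51.100.7 - - [26/Aug/2025:08:03:00 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    '198.51.100.7 - - [26/Aug/2025:08:03:01 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    '198.51.100.7 - - [26/Aug/2025:08:03:02 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    '198.51.100.7 - - [26/Aug/2025:08:03:03 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    '198.51.100.7 - - [26/Aug/2025:08:03:04 +0000] "POST /login HTTP/1.1" 403 0 "-" "curl/8.0"',
    '10.8.0.5 - - [26/Aug/2025:08:05:10 +0000] "GET /geofences HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'not a log line',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(ip):
    """True when the client address falls inside one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # e.g. "-" or a hostname: treat as untrusted
        return False
    return any(addr in net for net in TRUSTED_NETS)


def audit(lines, bruteforce_threshold=5):
    """Scan log lines and return exposed hits, brute-force sources and parse failures.

    exposed:    (ip, path) pairs where an untrusted client got a 200 on a data path
    bruteforce: {ip: count} for clients with >= threshold 401/403 responses
    unparsed:   number of lines that did not match the expected format
    """
    exposed = []
    failures = Counter()
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        status = int(rec["status"])
        if (not is_trusted(rec["ip"]) and status == 200
                and rec["path"].startswith(SENSITIVE_PREFIXES)):
            exposed.append((rec["ip"], rec["path"]))
        if status in (401, 403):
            failures[rec["ip"]] += 1
    bruteforce = {ip: n for ip, n in failures.items() if n >= bruteforce_threshold}
    return {"exposed": exposed, "bruteforce": bruteforce, "unparsed": unparsed}


def run_demo():
    """Run the audit over the constructed sample log."""
    return audit(SAMPLE_LOG)


if __name__ == "__main__":
    report = run_demo()
    for ip, path in report["exposed"]:
        print(f"EXPOSED: {ip} read {path} without being on a trusted network")
    for ip, n in report["bruteforce"].items():
        print(f"BRUTE-FORCE: {ip} had {n} failed logins")
    print(f"unparsed lines: {report['unparsed']}")
```

On the sample, the two `203.0.113.45` hits are the finding that matters: a dashboard and a Grafana data-source query answered with `200` to an address that is neither on the LAN nor on the VPN, which is exactly the condition the researcher observed on the 1,300 exposed servers. The five failed logins from `198.51.100.7` show why step 1 alone is not enough without step 2: authentication stops the reader, but only a firewall or VPN stops the guessing. In a real deployment, point `audit()` at the proxy's log file (`audit(open("/var/log/nginx/access.log"))`) and adjust `TRUSTED_NETS` to your own ranges.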

26-Aug-2025
7 min read

Google Play

77 apps and 19M installs later Google’s Play Store faces a crisis as trust shatt...

Cybersecurity researchers revealed that **77 malicious Android apps** had slipped through Google Play’s defenses, amassing more than **19 million downloads** before being purged. Mainstream coverage framed the event predictably: cybercriminals struck, Google responded, and users should be cautious. Yet this narrative is incomplete—and dangerously misleading. The unpopular but essential truth is this: **Google Play is not primarily a sanctuary of trust. It is an ecosystem designed for growth, not safety.** Each new “malware purge” is not an anomaly, but a symptom of a business model that consistently leaves users exposed.

## Walled Garden Illusion

For years, Google has marketed the Play Store as a **curated, safe environment**. Users are reassured by Play Protect scans and app review policies. But the persistence of long-known threats like the **Joker trojan**—responsible for nearly a quarter of the malicious apps in this incident—exposes a reality that doesn’t align with the marketing.

* **Adware**, which dominated two-thirds of the rogue apps, isn’t even new or innovative. It is crude and detectable.
* **Repeat offenders** like Joker prove that detection methods are reactive, not preventive.

This is not a cat-and-mouse game where hackers are always one step ahead. It is a system that tolerates intrusions until bad press forces a purge.

## Users as Collateral Damage

The most overlooked dimension is the user experience. Millions trusted the official marketplace, downloaded these apps, and unknowingly became test subjects in what amounts to a live experiment.

* Victims were tricked into fraudulent subscriptions, saw their data harvested, or endured constant intrusive ads.
* Non-technical users—especially those in developing markets—had little chance of spotting danger signals buried in permissions or reviews.
* Ironically, Google’s advice always shifts responsibility to the user: “check reviews, be cautious.” But this contradicts the promise of a centralized, vetted app store.

The result? **Users carry the burden of vigilance while Google retains the benefits of scale.**

## Economics of Insecurity

Why does this cycle persist? Because the incentive structure works against real security.

* For attackers, Google Play offers the **best ROI** in cybercrime: global reach, legitimacy by association, and minimal entry barriers.
* For Google, every app—malicious or not—bolsters engagement metrics and platform growth. Malicious apps are outliers only when caught.
* For users, the low-cost app economy hides its true cost: privacy, financial exploitation, and erosion of trust.

This is the part no headline highlights: **Google and attackers both thrive on frictionless onboarding. Security comes second.**

## Invisible Victims

Beyond financial loss, the true casualties of this incident are often ignored:

* **Emerging markets**, where prepaid credit fraud can devastate users with limited resources.
* **Low-literacy populations**, excluded from security best practices written for technically literate audiences.
* **Independent developers**, whose legitimate apps face declining trust because the marketplace itself is tainted.

Every malware purge isn’t just about malware. It’s about trust deficits that disproportionately harm the most vulnerable.

## Security Theater

When Google announces a malware removal, it frames itself as decisive and vigilant. In reality, it’s **security theater**—a spectacle that reassures the public without addressing root causes. Questions rarely asked in mainstream coverage:

* Why do legacy malware families keep resurfacing?
* How long were these apps live before removal?
* Why isn’t Google compensating users who suffered financial losses enabled by its marketplace?

Until these questions are addressed, removal cycles will remain little more than **clean-up operations for self-created messes.**

## Beyond the Garden, Into the Dark Forest

The removal of 77 malicious apps with 19 million downloads is not evidence of a system working. It is evidence of a system **designed to fail safely in public while succeeding quietly in metrics**. The unpopular but urgent narrative is this: **Google Play is not a walled garden. It is a dark forest—where predators thrive, users wander blindly, and safety depends less on protections than on luck.** Until Google reimagines its marketplace as public infrastructure, not just an ad funnel, the next purge is not just likely—it is inevitable.

25-Aug-2025
4 min read

Inotiv

Qilin

Pharmaceutical research company Inotiv faces operational disruptions and data th...

Inotiv, Inc., a prominent contract research organization specializing in drug discovery and development, fell victim to a sophisticated ransomware attack that encrypted critical systems and exfiltrated sensitive data. The **Qilin ransomware group** (also known as Agenda) claimed responsibility, alleging that they stole approximately 176 GB of data—equivalent to roughly 162,000 files—including financial records, research contracts, and employee information. The attack disrupted business operations, forcing the company to transition to offline alternatives while initiating forensic investigations and engaging law enforcement. This incident highlights the escalating threat that ransomware poses to the pharmaceutical and healthcare research sectors, where data sensitivity and operational continuity are of paramount importance.

## Background on Inotiv

Inotiv is an **Indiana-based contract research organization** (CRO) employing around **2,000 specialists** and generating over **$500 million in annual revenue**. The company provides critical services in drug development, drug discovery, safety assessment, and live animal research modeling for pharmaceutical and biotechnology clients. Its work often involves **years-long nonclinical studies** and early-stage research, making data integrity and confidentiality essential not only for commercial success but also for regulatory compliance and public health advancements. As a key player in the pharmaceutical research ecosystem, Inotiv handles sensitive intellectual property, proprietary research data, and confidential client information, making it an attractive target for cybercriminals.

## Ransomware Attack

### Timeline and Initial Response

Inotiv detected the cybersecurity incident on **August 8, 2025**, and immediately took steps to contain the breach. According to an **SEC 8-K filing** submitted by Chief Financial Officer Beth A. Taylor, the company launched an investigation with the help of external cybersecurity experts, restricted access to certain systems, and notified law enforcement authorities. The preliminary investigation revealed that a threat actor had gained unauthorized access to and encrypted portions of Inotiv's systems, temporarily impacting access to internal data storage and business applications.

### Operational Impact and Mitigation Strategies

The encryption of systems led to significant **disruptions in business operations**, affecting databases and applications essential for daily processes. To mitigate the impact, Inotiv activated its business continuity strategy, transitioning some operations to offline alternatives. Despite these efforts, the company acknowledged that disruptions are expected to persist for some time, and no timeline for full restoration has been provided. The attack highlights the vulnerability of centralized data repositories in pharmaceutical research, where decades of valuable information can be compromised in a single breach.

## Qilin Connection

### Group Profile and Tactics

The **Qilin ransomware gang**—a **Ransomware-as-a-Service (RaaS)** operation—publicly claimed responsibility for the attack on **August 11**, listing Inotiv on its leak site and publishing samples of the allegedly stolen data as proof. Qilin has evolved into a highly sophisticated threat group, leveraging customizable malware variants written in Rust and Go to target Windows, Linux, and VMware ESXi environments. Notably, Qilin systematically exploits critical vulnerabilities in **Fortinet products** (CVE-2024-21762 and CVE-2024-55591) to gain initial access, escalate privileges, and penetrate victim networks. In Q2 2025, Qilin accounted for **19% of ransomware incidents** impacting industrial organizations, reflecting its aggressive recruitment of skilled affiliates and alignment with state-sponsored threats.

### Extortion Demands

Qilin claims to have exfiltrated **176 GB of data**, including:

- Financial records
- Research contracts
- Purchase orders
- Employee information

This data theft aligns with the group's **double-extortion strategy**, where stolen data is leveraged to pressure victims into paying ransoms by threatening public leakage. The publication of sample documents on Qilin's leak site suggests the claims are credible, though Inotiv has not yet confirmed the extent of the data breach.

## Impact on Operations and Stakeholders

### Research and Development Delays

The attack has **disrupted critical research activities**, potentially delaying ongoing drug development projects and nonclinical studies. For pharmaceutical research organizations like Inotiv, such disruptions can have **cascading effects** on client projects, regulatory submissions, and overall business continuity. The loss or compromise of long-term research data could necessitate years of redundant work, amplifying financial and operational costs.

### Regulatory and Compliance Exposure

Inotiv may face **regulatory scrutiny** under HIPAA, GDPR, and FDA regulations, particularly if stolen data includes sensitive client or patient information. The company's SEC filing emphasizes that the full scope and impacts—including financial and operational consequences—remain under investigation. This incident also highlights the implications of the **SEC's new cybersecurity disclosure rules**, which require public companies to report material cyber incidents within four days.

### Reputational and Client Trust Risks

The breach could erode trust among clients, partners, and investors, especially given the sensitive nature of pharmaceutical research. Inotiv has already faced unrelated enforcement actions earlier in 2025, and this cyber incident introduces **additional reputational risks** during a critical period. Clients may reconsider their reliance on centralized data storage models, opting for more segmented and secure architectures.

## Expert Commentary

### Industry Voices on Ransomware Threats

**Rebecca Moody, Head of Data Research at Comparitech**, notes that attacks on healthcare-related companies like Inotiv have **far-reaching consequences** due to their access to vast datasets across multiple entities. She confirmed that 19 similar attacks have occurred globally in 2025, resulting in over 6 million records breached. **Ensar Seker, Chief Information Security Officer at SOCRadar**, emphasized that the encryption of key systems and theft of proprietary research data places both **operational continuity and intellectual property at grave risk**.

### Ransomware-as-a-Service Dynamics

Qilin's operational model reflects the broader trend of **professionalization in the ransomware ecosystem**. The group offers affiliates customizable malware, legal advisory services for negotiations, and dedicated media teams to shape public narratives and intensify psychological pressure on victims. This professionalization, combined with the exploitation of critical vulnerabilities, enables ransomware groups to execute precision attacks at scale.

## Regulatory and Legal Implications

### SEC Cybersecurity Disclosure Rules

Inotiv's SEC filing aligns with **updated cybersecurity disclosure requirements**, mandating transparency about material incidents. The company's disclosure highlights the executive-level significance of ransomware incidents, which impact investor relations, regulatory compliance, and contractual obligations.

### Potential Compliance Penalties

Depending on the nature of the stolen data, Inotiv could face penalties under **HIPAA** for protected health information (PHI) breaches, **GDPR** for data belonging to EU citizens, and **FDA regulations** for compromised clinical trial data. The company may also encounter lawsuits from affected clients or partners, amplifying financial and reputational costs.

## What Happens Next?

### Restoration and Monitoring Efforts

Inotiv continues to work with cybersecurity experts to restore affected systems and investigate the full scope of the breach. The company advised stakeholders to monitor for **phishing campaigns** leveraging stolen data and remain vigilant about suspicious account activity.

### Data Leakage Possibilities

Given Qilin's history of leaking data from non-paying victims, it is likely that the stolen information could appear on **darknet forums** or be sold to other malicious actors. The publication of sample documents suggests that further leaks may follow if ransom demands are not met.

23-Aug-2025
6 min read