Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses. The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified multiple potential computer intrusions that correlate to leaks associated with SonarQube configuration vulnerabilities.
Read MoreExplore expert insights on cybersecurity trends, best practices, and compliance strategies. Led by industry veterans, our posts offer in-depth analyses and practical guidance to help professionals and small businesses fortify their cyber defenses. We openly welcome submissions for guest blogger articles. Interested in submitting? Submit your topic here to let us know.