<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Secretus Blog</title>
    <link>https://secretus.app/blog</link>
    <description>Cybersecurity, hacking, cryptography, and practical secret-sharing guidance from Secretus.</description>
    <language>en</language>
    <lastBuildDate>Sun, 19 Jul 2026 00:00:00 GMT</lastBuildDate>
    <atom:link href="https://secretus.app/feed.xml" rel="self" type="application/rss+xml" />
    <generator>Secretus static build</generator>
    <ttl>60</ttl>
    <image>
      <url>https://secretus.app/secretus_logo.png</url>
      <title>Secretus Blog</title>
      <link>https://secretus.app/blog</link>
    </image>
    <item>
      <title>SharePoint CVE-2026-58644: active exploitation turns patching into incident response</title>
      <link>https://secretus.app/blog/sharepoint-cve-2026-58644-active-exploitation</link>
      <guid isPermaLink="true">https://secretus.app/blog/sharepoint-cve-2026-58644-active-exploitation</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:00 GMT</pubDate>
      <description>CISA added a SharePoint deserialization flaw to its Known Exploited Vulnerabilities catalog on July 16. For internet-facing on-premises servers, the right response is patch, hunt, and rotate — not patch and forget.</description>
      <category>news</category>
      <category>vulnerabilities</category>
      <category>incident-response</category>
      <content:encoded><![CDATA[<p>A SharePoint vulnerability moved from patch queue to incident-response priority this week. On July 16, the US Cybersecurity and Infrastructure Security Agency added <strong>CVE-2026-58644</strong> to its Known Exploited Vulnerabilities catalog, recording evidence of active exploitation and setting July 19 as the remediation deadline for US federal civilian agencies.</p><p>The flaw is a deserialization-of-untrusted-data vulnerability in on-premises Microsoft SharePoint. An attacker who has the required SharePoint privileges can use it to execute code on the server. That authentication requirement narrows the entry path, but it does not make the outcome modest: a compromised tenant account, stolen session, or malicious insider can turn application access into control of a server that often sits close to documents, identities, and internal workflows.</p><h2>The important signal is “known exploited”</h2><p>Severity scores help teams sort theoretical risk. The KEV catalog answers a different question: are attackers actually using this vulnerability? Here, the answer is yes. Once exploitation is observed, the sensible default for an exposed or business-critical server is to assume the vulnerable period may matter and to look for evidence — not merely to install the update and close the ticket.</p><p>This distinction is particularly important for SharePoint. The platform is not just another web application. It commonly connects identity, collaboration, document libraries, automation, and years of institutional memory. Code execution there can become credential theft, persistence, lateral movement, or access to material that was never intended to leave the organisation.</p><h2>A practical response order</h2><ol><li><strong>Find every on-premises instance.</strong> Include test farms, disaster-recovery systems, abandoned project portals, and servers that are reachable only through a VPN. Confirm product version and patch state from the host, not from an asset spreadsheet.</li><li><strong>Apply Microsoft&#x27;s update or mitigation.</strong> If neither can be applied promptly, isolate the service from untrusted networks. CISA&#x27;s KEV guidance is explicit: remediate according to vendor instructions or discontinue use when mitigations are unavailable.</li><li><strong>Preserve evidence before cleaning.</strong> Retain IIS, SharePoint, identity-provider, endpoint, firewall, and reverse-proxy telemetry. Snapshot suspicious hosts where your incident process allows it. Deleting a web shell without preserving its surrounding evidence makes scoping harder.</li><li><strong>Hunt beyond the vulnerable process.</strong> Review new or modified application files, unusual child processes, scheduled tasks, services, outbound connections, privileged-account changes, and access to sensitive libraries. Correlate SharePoint activity with identity and endpoint logs.</li><li><strong>Rotate what may have been exposed.</strong> If investigation finds compromise — or cannot confidently exclude it — rotate relevant service-account credentials, application secrets, certificates, tokens, and cryptographic material following Microsoft and incident-response guidance. Rotation comes after containment so fresh credentials are not immediately collected again.</li></ol><h2>Patching closes the vulnerability, not its consequences</h2><p>The recurring operational mistake is treating a security update as a time machine. It prevents a fixed path from being used in the future; it does not remove accounts already created, credentials already copied, or persistence already installed. Active exploitation changes the work from vulnerability management into a combined patch-and-hunt exercise.</p><p>It also exposes a quieter weakness: credentials and recovery material tend to accumulate in collaboration platforms. Search document libraries, lists, automation configurations, and old tickets for passwords, API tokens, private keys, and environment files. Remove them, rotate them, and replace that habit with an expiring transfer mechanism. Reducing the credential inventory inside SharePoint limits the value of the next compromise, whatever its CVE number.</p><h2>Sources</h2><ul><li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-58644" target="_blank" rel="noreferrer">NIST National Vulnerability Database — CVE-2026-58644</a></li><li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58644" target="_blank" rel="noreferrer">Microsoft Security Response Center — CVE-2026-58644</a></li><li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-58644" target="_blank" rel="noreferrer">CISA Known Exploited Vulnerabilities catalog</a></li></ul>]]></content:encoded>
    </item>
    <item>
      <title>ENISA&apos;s frontier-AI warning: the attacker&apos;s speed is becoming the vulnerability</title>
      <link>https://secretus.app/blog/enisa-frontier-ai-cybersecurity-speed</link>
      <guid isPermaLink="true">https://secretus.app/blog/enisa-frontier-ai-cybersecurity-speed</guid>
      <pubDate>Sun, 19 Jul 2026 00:00:00 GMT</pubDate>
      <description>ENISA&apos;s July 2026 analysis says AI is compressing the path from discovery to weaponisation and forcing defenders to rethink disclosure, software supply chains, patching, and incident response.</description>
      <category>news</category>
      <category>ai-security</category>
      <category>europe</category>
      <content:encoded><![CDATA[<p>The most useful line in ENISA&#x27;s new analysis of cybersecurity in the frontier-AI era is not a prediction about an all-powerful hacking model. It is an operational warning: AI is compressing the interval between vulnerability discovery and weaponisation, while many defenders still work through queues designed for a slower internet.</p><p>The EU agency&#x27;s July 2026 paper describes a security environment where offensive research, phishing, malware adaptation, and reconnaissance can be iterated at machine speed. At the same time, AI-generated vulnerability reports can flood disclosure programmes with uneven findings, and trusted software dependencies can carry attacks from the inside out. The immediate risk is not science-fiction autonomy. It is an attacker completing familiar tasks faster than an organisation can triage, approve, patch, and contain.</p><h2>Four changes defenders should plan for</h2><h3>1. Discovery-to-exploit time keeps shrinking</h3><p>Public fixes, commits, and release notes have always helped attackers reverse-engineer vulnerabilities. AI makes that comparison and adaptation cheaper. A patch released on Tuesday can become a scanning or exploitation opportunity before a conventional monthly maintenance window opens. Patch priority therefore needs live exploitability and exposure data, not only a static severity score.</p><h3>2. Disclosure pipelines can become denial-of-service targets</h3><p>ENISA notes that AI-generated reports initially overwhelmed parts of the vulnerability-disclosure ecosystem with mixed-quality submissions. Even as report quality improves, intake teams need automated deduplication, reproducibility checks, evidence requirements, and a fast path for findings that affect exposed systems. Otherwise the important report is buried in a syntactically convincing queue.</p><h3>3. “Inside-out” supply-chain attacks get easier to scale</h3><p>A trusted update, package, build action, or model dependency starts inside the boundary that perimeter controls are built to defend. AI can help an attacker study maintainers, imitate contribution patterns, adapt malicious code, and target the weakest point in a dependency graph. Provenance and build integrity become security controls, not procurement paperwork.</p><h3>4. Incident response must operate in minutes and hours</h3><p>Fragmented telemetry and manual hand-offs are increasingly expensive when an intrusion can change shape quickly. That does not mean handing every response decision to an autonomous agent. It means preparing bounded, reversible actions — disable a token, isolate a workload, block an indicator, preserve evidence — that automation can recommend or execute under clear human checkpoints.</p><h2>What a team can change this quarter</h2><ul><li><strong>Patch from exposure and exploitation signals.</strong> Connect asset inventory, internet reachability, business criticality, and known exploitation to patch deadlines. Reserve emergency capacity rather than forcing every flaw through the same calendar.</li><li><strong>Make builds explain themselves.</strong> Pin dependencies, generate an SBOM, sign release artifacts, restrict who and what can publish, and retain provenance that links a deployed binary to reviewed source and a controlled build.</li><li><strong>Keep secrets out of the automation trail.</strong> CI logs, prompts, issue trackers, model context, and generated debugging output are all places where tokens can be copied. Use short-lived credentials, scoped identities, secret scanning, and expiring transfers for human hand-offs.</li><li><strong>Put quality gates around AI security output.</strong> Require a reproducible test case, affected-version evidence, confidence level, and human validation before an AI-generated finding triggers a destructive action or a public disclosure.</li><li><strong>Pre-authorise safe containment.</strong> Decide in advance who may revoke credentials, isolate hosts, block traffic, and contact suppliers. Automation is useful only when the organisation has already settled the authority and rollback path.</li></ul><h2>Speed is an architectural property</h2><p>Buying an AI security product does not make a slow organisation fast. The durable advantage comes from clean telemetry, trustworthy asset ownership, rehearsed decisions, controlled software supply chains, and credentials that can be revoked without a week of coordination. Those foundations help whether the attacker uses an advanced model, a commodity scanner, or a convincing phone call.</p><p>ENISA&#x27;s message is best read as a deadline for operational design: shorten the path from evidence to safe action without removing accountability. Attackers are automating their side of the workflow. Defenders need to redesign theirs.</p><h2>Source</h2><p><a href="https://www.enisa.europa.eu/sites/default/files/2026-07/ENISA%20view%20on%20cybersecurity%20in%20the%20frontier%20AI%20era_en_0.pdf" target="_blank" rel="noreferrer">ENISA — ENISA&#x27;s view on Cybersecurity in the Frontier AI Era (July 2026)</a></p>]]></content:encoded>
    </item>
    <item>
      <title>EY&apos;s breach came through a help-desk ticket system — the archive nobody guards</title>
      <link>https://secretus.app/blog/ey-breach-support-ticket-system</link>
      <guid isPermaLink="true">https://secretus.app/blog/ey-breach-support-ticket-system</guid>
      <pubDate>Sat, 18 Jul 2026 00:00:00 GMT</pubDate>
      <description>Ernst &amp; Young is notifying clients after attackers spent two weeks inside a third-party IT ticketing platform whose support tickets routinely carried tax documents as attachments. The lesson isn&apos;t about EY — it&apos;s about what quietly accumulates in every ticketing system.</description>
      <category>news</category>
      <category>breaches</category>
      <category>credentials</category>
      <content:encoded><![CDATA[<p>Ernst &amp; Young — a Big Four firm that sells cybersecurity consulting — is notifying clients of a data breach. The entry point wasn&#x27;t EY&#x27;s network. It was a <strong>third-party IT service-management platform</strong> its support staff used to handle internal tickets for tax-related client work. According to the breach notifications filed on July 15, an unauthorized party had access to the platform between <strong>March 28 and April 12, 2026</strong>; anomalous activity was spotted on April 23, and the investigation has been unwinding what was taken ever since.</p><p>What was in there? Exactly what&#x27;s in every mature ticketing system: attachments. Support tickets on the platform routinely carried documents containing clients&#x27; personal information, investment-holding details and financial data used to prepare tax filings. EY says it has no evidence of misuse so far, no extortion group has claimed the incident, and affected individuals are being offered 24 months of identity monitoring. All reasonable. But the interesting part is upstream of the response.</p><h2>Ticket systems are archives wearing a workflow costume</h2><p>Nobody thinks of a help-desk tool as a data warehouse. Yet consider what it optimizes for: people attach whatever&#x27;s needed to resolve the issue (&quot;here&#x27;s the spreadsheet that won&#x27;t import&quot;, &quot;see the client&#x27;s filing attached&quot;), tickets are kept forever for auditability, and access is broad because support teams rotate. Multiply by years and you get a searchable, well-organized archive of the most sensitive documents in the business — maintained diligently, guarded loosely, and hosted by a vendor whose security you don&#x27;t control.</p><p>This is the third act of a pattern this month&#x27;s incidents keep rehearsing. The TfL attackers went through a help desk to get passwords reset. The SonicWall intrusions harvested credential stores from appliances. And now a ticketing platform gives up tax files. Different doors, same room: <strong>wherever copies of sensitive material pool by default, that&#x27;s where attackers go</strong> — because one compromise yields thousands of documents nobody remembers attaching.</p><h2>The third-party multiplier</h2><p>The platform was a vendor&#x27;s, which adds the now-familiar supply-chain twist: your data&#x27;s exposure is set by the weakest SaaS tool any of your teams adopted. Vendor questionnaires won&#x27;t fix that retroactively. What helps is reducing what the tool holds: if the ticket references where a document lives instead of carrying the document, a platform compromise leaks metadata, not filings.</p><h2>What to do about your own ticket archive</h2><ul><li><strong>Audit attachments, not just access.</strong> Search your ticketing system for what&#x27;s actually in it — tax documents, contracts, credentials, exported databases. Most teams are surprised.</li><li><strong>Set retention to match reality.</strong> A resolved ticket rarely needs its attachments after 90 days. Auto-purge attachments on closure where policy allows; keep the ticket text for audit.</li><li><strong>Move sensitive hand-offs out of the ticket body.</strong> When support work requires a credential or a sensitive file, pass it through a channel that expires and can be read once, and put the <em>reference</em> in the ticket. The workflow stays auditable; the archive stays empty.</li><li><strong>Treat vendor ITSM tools as data processors.</strong> Because that&#x27;s what they are: scope what categories of data may enter them, and include them in your breach-notification planning — EY&#x27;s timeline (access in March, letters in July) shows how long that tail is.</li></ul><p>The uncomfortable summary: EY didn&#x27;t lose a database; it lost the accumulated sediment of everyday helpfulness. Every organization has the same sediment somewhere. The fix is structural — decide that sensitive material doesn&#x27;t rest in workflow tools, and give people an equally easy path that doesn&#x27;t leave a copy behind.</p>]]></content:encoded>
    </item>
    <item>
      <title>wp2shell: WordPress force-updates the web over a pre-auth RCE in core</title>
      <link>https://secretus.app/blog/wp2shell-wordpress-forced-update</link>
      <guid isPermaLink="true">https://secretus.app/blog/wp2shell-wordpress-forced-update</guid>
      <pubDate>Sat, 18 Jul 2026 00:00:00 GMT</pubDate>
      <description>A REST-API route confusion chained with a SQL injection gives anonymous attackers code execution on default WordPress installs — no plugins needed. WordPress shipped 6.9.5/7.0.2 on July 17 and switched on forced auto-updates. Patch now, before the public details become a working exploit.</description>
      <category>news</category>
      <category>threats</category>
      <category>engineering</category>
      <content:encoded><![CDATA[<p>On July 17, WordPress shipped versions 6.9.5 and 7.0.2 and did something it reserves for genuine emergencies: it <strong>enabled forced automatic updates</strong> for the fix. The reason is a vulnerability chain the researchers call <strong>wp2shell</strong> — a pre-authentication remote code execution in WordPress <em>core</em>. Not a plugin, not a theme: a default install with zero plugins is exploitable by an anonymous HTTP request.</p><h2>How the chain works</h2><p>wp2shell is two bugs that are individually awkward and jointly severe. The first (CVE-2026-63030) is a route-confusion flaw in the REST API&#x27;s batch endpoint, <code>/wp-json/batch/v1</code>, which lets an unauthenticated request reach query paths that were assumed to be privileged. The second (CVE-2026-60137) is a SQL injection in the <code>author__not_in</code> parameter handling of <code>WP_Query</code>. Chained, the batch endpoint delivers the injection, and the injection escalates to code execution on the server. Affected versions run from 6.9.0 through 6.9.4 and 7.0.0 through 7.0.1.</p><p>As of the initial disclosure there was no public proof-of-concept and no confirmed in-the-wild exploitation — but the technical details are now public, and for a target surface measured in hundreds of millions of sites, the interval between &quot;details public&quot; and &quot;mass exploitation&quot; is historically measured in days. If you run WordPress anywhere — including the forgotten marketing microsite from 2023 — verify it&#x27;s on 6.9.5/7.0.2 today, and don&#x27;t assume auto-update reached it: hosts with disabled auto-updates, version-pinned containers, and heavily customized installs are exactly where forced updates fail silently.</p><h2>Why &quot;in core, pre-auth&quot; changes the math</h2><p>The WordPress ecosystem&#x27;s usual security story is &quot;core is solid, plugins are the risk&quot;. That heuristic shapes real decisions — teams audit plugins and treat core as furniture. A pre-auth core RCE inverts it: every install is in scope regardless of hygiene, and attackers can scan for it generically instead of fingerprinting plugin combinations. The last flaws of this class in core are years in the past, which is precisely why patch urgency is high — muscle memory says WordPress core can wait. This one can&#x27;t.</p><h2>Meanwhile, at the perimeter: the SonicWall story escalated</h2><p>The SMA1000 zero-days we covered this week found their operator: researchers now report the <strong>INC Ransom</strong> operation exploiting the two SonicWall flaws in tandem, gaining root on the mobile-access appliances that sit in front of corporate networks. That completes a familiar arc — zero-day, credential harvest, then ransomware crews industrializing the access. If you patched but didn&#x27;t rotate the credentials and MFA seeds those boxes held, the patch closed the door after the keys left.</p><p>And the week&#x27;s leak-site churn continued across regions — claims posted against a Dutch food supplier, a Hungarian building-materials maker, a UK microfinance firm and a Japanese industrial manufacturer, by groups including Play, Gunra and INC. Individually small stories; collectively the base rate that never makes headlines.</p><h2>The takeaway</h2><p>Two deadlines this weekend, then. Patch WordPress before the exploit writes itself — forced updates are on, but verify, don&#x27;t trust. And if you own a SonicWall SMA appliance, treat it as post-compromise: patch, then rotate everything it stored, because ransomware operators demonstrably already have the playbook. Both stories reduce to the same rule that keeps recurring this month: the fix isn&#x27;t finished when the software is current — it&#x27;s finished when the secrets the attacker could have taken stop working.</p><p>A note on sourcing: details above come from the WordPress security release, the researchers&#x27; published analysis, and incident reporting from established security press; the INC Ransom attribution reflects current public reporting and may be refined as investigations continue.</p>]]></content:encoded>
    </item>
    <item>
      <title>How one-time secret links actually work: the URL fragment trick, explained</title>
      <link>https://secretus.app/blog/how-one-time-secret-links-work</link>
      <guid isPermaLink="true">https://secretus.app/blog/how-one-time-secret-links-work</guid>
      <pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate>
      <description>The entire security model of a one-time secret link hangs on one old browser rule: everything after the # in a URL never leaves your device. Here&apos;s how that becomes a link the server that hosts it cannot read — and what the model does and doesn&apos;t protect against.</description>
      <category>encryption</category>
      <category>engineering</category>
      <category>explainers</category>
      <content:encoded><![CDATA[<p>One-time secret links look like magic the first time you meet them: you paste a password, get a URL, and the service swears it cannot read what you wrote — even though it&#x27;s hosting it. No browser plugin, no shared key ceremony, no account needed on the receiving end. The whole trick rests on a browser behavior older than most of the web: <strong>the URL fragment</strong>.</p><h2>The # that never leaves your device</h2><p>A URL like <code>example.com/s/abc123#async_Jx9…</code> has two very different halves. Everything before the <code>#</code> — the path — is sent to the server with every request. Everything after it — the fragment — is not. That&#x27;s not a product feature; it&#x27;s how HTTP has worked since the 1990s. Fragments were designed to scroll you to a section of a page, so browsers keep them strictly client-side: they never appear in the request, in server logs, or in standard proxy logs.</p><p>That one rule makes an elegant design possible: put the <strong>decryption key</strong> in the fragment. The sender&#x27;s browser generates a random AES-256-GCM key, encrypts the secret locally, uploads only the ciphertext, and appends the key to the link after the <code>#</code>. When the recipient opens it, their browser downloads the ciphertext, reads the key from the fragment <em>locally</em>, and decrypts in the page. The service in the middle stores and serves ciphertext it has no key for.</p><h2>Why &quot;one-time&quot; is the other half of the design</h2><p>A link that carries its own key is a <strong>bearer capability</strong>: whoever holds the complete URL can read the secret. That&#x27;s also its weakness — links get forwarded, previewed, and logged in chat apps. The mitigation is burning the ciphertext on first read. After one successful retrieval, the server deletes what it stored; the same link opened a second time returns nothing to decrypt. A stolen link that has already been used is a dead end — and a link that arrives already-consumed tells the sender something is wrong.</p><p>Expiry completes the model: a secret that&#x27;s never opened shouldn&#x27;t wait around forever, so unopened ciphertext is deleted on a timer measured in minutes or days, not months.</p><h2>What this model protects against — and what it can&#x27;t</h2><p>Against a database leak, the design holds up remarkably well: an attacker who copies the server&#x27;s storage gets ciphertext without keys. Against a curious operator, likewise — there is nothing readable to be curious about. This is why the architecture is often called zero-knowledge for this mode: the knowledge genuinely isn&#x27;t there.</p><p>Honesty requires the other list too. The model does not protect against someone who intercepts the <em>complete link</em> before the intended recipient opens it — that&#x27;s why the channel you send a link through, and a short expiry, still matter. It doesn&#x27;t protect against malware on either endpoint, or a recipient who copies the secret after legitimately opening it. And it requires trusting the JavaScript the service ships, since the encryption runs in the page. No honest vendor will tell you a bearer link is unconditionally safe; the claim is narrower and more useful — the server, its backups, and its operators never hold what&#x27;s needed to read your secret.</p><h2>Why this beats the alternatives for one-off sharing</h2><p>Compare the failure modes. A password pasted in chat lives in that channel&#x27;s history and backups indefinitely — this week&#x27;s incident reporting is full of exactly that pattern. An email attachment is an archive entry on at least two servers. A password manager&#x27;s shared vault is excellent for long-lived team credentials, but overkill and over-persistent for &quot;here&#x27;s the Wi-Fi key for the contractor&quot;. The one-time link occupies the gap: transport for a secret that should exist in transit briefly, be readable once, and leave an auditable puff of smoke instead of a copy.</p><p>The next time a tool hands you a link with a long string after the <code>#</code>, you&#x27;ll know exactly what you&#x27;re holding: the key itself, riding in the one part of the URL the internet never sees.</p>]]></content:encoded>
    </item>
    <item>
      <title>The five places secrets go to leak: .env files, CI logs, chat, tickets, and code</title>
      <link>https://secretus.app/blog/where-secrets-leak-env-ci-chat</link>
      <guid isPermaLink="true">https://secretus.app/blog/where-secrets-leak-env-ci-chat</guid>
      <pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate>
      <description>Almost every credential breach starts in one of five mundane places. A field guide to where secrets actually escape from — with the accumulation mechanics behind each one, and the habits that keep them empty.</description>
      <category>credentials</category>
      <category>engineering</category>
      <category>explainers</category>
      <content:encoded><![CDATA[<p>Follow enough incident reports and a boring truth emerges: secrets rarely leak from vaults. They leak from the five ordinary places where copies accumulate while nobody&#x27;s looking. This month alone, public reporting has described stolen SSH keys and access tokens sitting in source repositories, credentials bought off forums that still worked, and MFA seed files lifted from network appliances. Different headlines, same root cause: a secret at rest in a place nobody was guarding.</p><p>Here&#x27;s the field guide, ranked roughly by how often each shows up.</p><h2>1. Code and config: the key ring nobody meant to build</h2><p>Nobody decides to store credentials in Git. It accrues: a connection string committed &quot;just for the demo&quot;, a deploy key in a README, an <code>.env</code> that slipped past <code>.gitignore</code>. Deleting the file later doesn&#x27;t help — Git history remembers, and secret scanners (both the defenders&#x27; and the attackers&#x27;) read history, not just the latest commit. The fix is structural, not heroic: scanners in CI that fail the build (gitleaks, trufflehog, GitHub secret scanning), short-lived credentials that make an old leak worthless, and cloud identity federation so most keys don&#x27;t need to exist at all.</p><h2>2. CI/CD logs and artifacts: the echo chamber</h2><p>Build pipelines are handed the most powerful credentials in the company, then asked to print debugging output. One <code>echo</code>, one verbose flag, one crash dump, and a token lands in a log that dozens of people and several integrations can read. Masking helps but breaks on transformations (base64, JSON-escaped, split across lines). Treat build logs as semi-public: scope CI credentials tightly, expire them in minutes via OIDC federation instead of storing long-lived secrets, and audit what your pipeline prints.</p><h2>3. Chat: the archive that feels like a hallway</h2><p>Chat feels ephemeral — that&#x27;s the trap. Every &quot;here&#x27;s the admin password 🙏&quot; becomes a permanently searchable record, replicated to every device and export. An attacker who lands one account doesn&#x27;t read messages; they search <code>password</code>, <code>apikey</code>, <code>-----BEGIN</code>. The countermeasure is a habit, not a product: credentials never travel in message bodies. Send a link that expires and burns after one read, so the archive holds a dead link instead of a working key.</p><h2>4. Tickets and wikis: the institutional memory problem</h2><p>Support tickets, runbooks and onboarding wikis collect credentials because they&#x27;re where people ask for access and write down &quot;how to get in&quot;. Unlike chat, they&#x27;re <em>designed</em> to be durable and broadly readable — which makes them the best-indexed credential store an intruder could ask for. Same rule as chat, plus one: when a credential must be referenced in documentation, reference <em>where to obtain it</em> (the vault path, the request process), never the value.</p><h2>5. Inboxes: the oldest archive of all</h2><p>Email is where third parties send you credentials — and where they stay, through years of forwarding rules, delegated access, and the occasional mailbox compromise. You can&#x27;t always control what others send you; you can control the half-life: move received credentials into a manager immediately, delete the email, and rotate anything that arrived in plaintext, because you have no idea how many hops it took.</p><h2>The common mechanics</h2><p>All five share the same physics. Copies accumulate because pasting a value is easier than referencing it. Retention is unbounded because nothing in these systems expires by default. And discovery is trivial because all of them are searchable — for you and for whoever gets in. Flip each property and you get the defensive posture: fewer copies (reference, don&#x27;t paste), bounded lifetimes (short-lived credentials, expiring shares), and nothing worth searching for (dead links instead of live values).</p><p>None of this requires a security team. It requires deciding that a secret at rest in a log, a thread, a ticket, or a repo is a bug — and giving people a way to share one that doesn&#x27;t create a permanent copy: a channel where the secret expires, can be read exactly once, and confirms it was delivered. Make the safe path the lazy path, and the five places above stay empty.</p>]]></content:encoded>
    </item>
    <item>
      <title>£29 million and 27,000 in-person password resets: the TfL hack&apos;s bill came due</title>
      <link>https://secretus.app/blog/tfl-hack-sentencing-27000-password-resets</link>
      <guid isPermaLink="true">https://secretus.app/blog/tfl-hack-sentencing-27000-password-resets</guid>
      <pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate>
      <description>Two Scattered Spider members were sentenced on July 16 for the 2024 Transport for London attack. The intrusion chain was pure credential work — bought logins, a 2FA reset, one persuaded help desk — and the recovery bill shows what re-establishing trust in credentials at scale really costs.</description>
      <category>news</category>
      <category>breaches</category>
      <category>credentials</category>
      <content:encoded><![CDATA[<p>On July 16, 2026, Woolwich Crown Court sentenced Owen Flowers, 18, and Thalha Jubair, 20, to five and a half years each for the 2024 attack on Transport for London. The UK&#x27;s National Crime Agency describes both as leading members of <strong>Scattered Spider</strong> — the extortion crew also tracked as Octo Tempest, UNC3944 and 0ktapus, the same scene credited with the MGM Resorts attack in 2023 and the wave against UK retailers in 2025. Flowers additionally admitted charges over attacks on US healthcare organizations.</p><p>The numbers from the case are worth sitting with. The intrusion ran from August 31 to September 3, 2024 — four days. It left <strong>148 TfL systems inoperable</strong>, and the NCA and CPS put losses and recovery at <strong>£29 million</strong>. And it produced one of the most striking logistics operations in incident-response history: all <strong>27,000 TfL employees were required to show up in person</strong> to have their passwords reset and identities verified, one by one.</p><h2>The attack chain had no exploit in it</h2><p>According to the case reporting, the pair bought partial TfL credentials on criminal forums, used them to reset the two-factor authentication on employee accounts, then impersonated an employee and talked a help-desk worker into resetting an account password. That&#x27;s the entire entry chain: bought secrets, a weak reset flow, and one persuasive phone call. No zero-day, no malware innovation — the same three moves Scattered Spider has used against casinos, retailers and insurers for years.</p><p>Two people barely out of school, working from bedrooms, took 148 systems away from one of the world&#x27;s largest transport authorities. The asymmetry isn&#x27;t a talent story; it&#x27;s a structure story. Credential-based attacks scale down to two teenagers because the defenses that stop them — phishing-resistant MFA, hardened reset procedures, credentials that can&#x27;t be bought because they expire — weren&#x27;t there.</p><h2>Why recovery cost more than the attack</h2><p>The in-person reset marathon is the detail that should stick. Once an identity system is compromised, every remote channel you&#x27;d normally use to re-issue credentials — email, SMS, the help desk itself — is potentially in the attacker&#x27;s hands. TfL&#x27;s answer was the only fully trustworthy channel left: physical presence, 27,000 times. That is what &quot;re-establishing trust in credentials at scale&quot; actually looks like when you have no pre-established secure channel for distributing new secrets.</p><p>Most organizations never budget for this. The cost of a credential compromise isn&#x27;t the ransom you didn&#x27;t pay — it&#x27;s rebuilding the entire chain of trust afterwards, credential by credential, human by human.</p><h2>What to change before it&#x27;s your help desk</h2><ul><li><strong>Treat the help desk as your perimeter.</strong> Password and MFA resets are the highest-privilege operation in the company. Require verification that can&#x27;t be socially engineered — callbacks to known numbers, manager confirmation, or in-person/video checks for privileged accounts.</li><li><strong>Make bought credentials worthless.</strong> The entry point was partial credentials purchased on a forum — meaning they&#x27;d leaked long before and still worked. Short-lived sessions, phishing-resistant MFA (passkeys/FIDO2, not SMS or push), and monitoring for credential-stuffing patterns turn stale loot into junk.</li><li><strong>Have a secure redistribution channel before you need it.</strong> The question &quot;how do we get new credentials to thousands of people when email is untrusted?&quot; has exactly two answers: physical presence (£29M edition), or a pre-agreed out-of-band channel where each new secret expires, can be read once, and confirms delivery. Deciding this during the incident is what makes it expensive.</li><li><strong>Rehearse the reset day.</strong> Tabletop the scenario where your identity provider itself is suspect. Who re-issues what, over which channel, verified how? TfL improvised it under pressure with the whole city watching.</li></ul><h2>The takeaway</h2><p>The sentencing closes the legal chapter, but the economics are the lesson: the attackers spent close to nothing, and the defenders spent £29 million — most of it on the unglamorous work of making 27,000 identities trustworthy again. Every credential that leaks and keeps working, every reset flow that trusts a voice on the phone, is a prepayment on that bill. Credentials should expire, resets should be hard to fake, and the channel for handing someone a new secret should exist before the morning you need 27,000 of them.</p>]]></content:encoded>
    </item>
    <item>
      <title>Stolen TOTP seeds and a CVSS 10: the week your MFA became the loot</title>
      <link>https://secretus.app/blog/sonicwall-totp-seeds-perimeter-zero-days</link>
      <guid isPermaLink="true">https://secretus.app/blog/sonicwall-totp-seeds-perimeter-zero-days</guid>
      <pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate>
      <description>SonicWall SMA1000 zero-days are being exploited to steal credentials, session databases — and TOTP seed configurations, the secrets your MFA is made of. Add a 9.8 in Zoom, a record 570-flaw Patch Tuesday, and actively exploited SharePoint bugs: July&apos;s perimeter fire drill, and what it says about where secrets live.</description>
      <category>news</category>
      <category>threats</category>
      <category>credentials</category>
      <content:encoded><![CDATA[<p>If you run anything at a network edge, this was a long week. In the span of a few days: two SonicWall zero-days exploited in the wild (one scoring a perfect CVSS 10.0), a critical account-takeover flaw in Zoom for Windows, a record-breaking Microsoft Patch Tuesday, and a CISA warning about active exploitation of on-premises SharePoint. Underneath the patching chaos runs one quieter theme worth pulling out: <strong>what the attackers were actually taking</strong>.</p><h2>SonicWall: the appliance as a secrets vault — for the attacker</h2><p>SonicWall warned that two SMA1000 vulnerabilities are being exploited in tandem as zero-days: <strong>CVE-2026-15409</strong>, an unauthenticated server-side request forgery in the Work Place interface rated <strong>CVSS 10.0</strong>, and <strong>CVE-2026-15410</strong>, a post-authentication command injection in the management console. Affected models include the SMA6210, SMA7210 and SMA8200v; the US government gave federal agencies until July 17 to patch or unplug.</p><p>The payload is the part that deserves a second read. Per incident responders, the attackers used the chain for stealthy initial access and then extracted <strong>credentials, active session databases, and TOTP seed configurations</strong>. Read that last one again: the seeds that generate your six-digit MFA codes. Whoever holds the seed can mint valid codes forever — your second factor stops being a factor. It&#x27;s a reminder that MFA seeds, session stores and cached credentials are secrets like any other, and the appliances that hold them are single points where thousands of them can be stolen at once.</p><h2>The rest of the fire drill</h2><ul><li><strong>Zoom Workplace for Windows (CVE-2026-53412, CVSS 9.8)</strong> — a critical flaw that could enable account takeover; updates are out. Collaboration tools sit on every machine in the company, which makes them perimeter whether you think of them that way or not.</li><li><strong>Microsoft Patch Tuesday</strong> — a record ~570 vulnerabilities addressed in one cycle, including two zero-days already exploited in attacks and one publicly disclosed. Patch pipelines built for a few dozen fixes a month are being stress-tested by volume alone.</li><li><strong>SharePoint, again</strong> — CISA warned that three vulnerabilities in internet-exposed on-premises SharePoint servers are under active exploitation. If last year&#x27;s ToolShell wave didn&#x27;t move your on-prem SharePoint behind a VPN or into retirement, this is the second memo.</li><li><strong>Also this week:</strong> US military health beneficiaries&#x27; data was exposed in a breach at TRICARE West, and Spanish police disrupted a fraud ring accused of laundering €140 million from cyberattacks — a useful reminder that the money side of this economy is industrial too.</li></ul><h2>The pattern: secrets concentrate at the edge</h2><p>The SonicWall incident is the cleanest illustration in months of a truth that patch notes tend to bury: edge appliances aren&#x27;t just doors, they&#x27;re <strong>warehouses</strong>. VPN concentrators and secure-access gateways hold password caches, live sessions, and MFA material for the whole workforce. Compromise one and you don&#x27;t need to phish anyone — you walk out with the identity layer itself. The same logic applies to anywhere else secrets pool: chat exports, ticketing systems, CI logs, inboxes.</p><h2>What actually helps</h2><ul><li><strong>Patch the named boxes now</strong> — SMA1000 (both CVEs), Zoom for Windows, exposed SharePoint. The federal deadline for SonicWall was this week for a reason: exploitation is current, not theoretical.</li><li><strong>After patching, assume extraction.</strong> If an exploited appliance held credentials, sessions or TOTP seeds, rotate them — re-enroll MFA where seeds may have left. A patched box with stolen seeds is still a compromised identity system.</li><li><strong>Prefer phishing-resistant, device-bound factors.</strong> Passkeys and hardware keys don&#x27;t have a seed file an appliance can leak. TOTP was a huge upgrade over passwords; it still depends on a shared secret sitting in storage somewhere.</li><li><strong>Keep secrets moving, not resting.</strong> Every archive of credentials — in an appliance, an inbox, a chat history — is a future headline waiting for its CVE. Share secrets over channels that expire and self-destruct, keep the durable copies in a proper manager, and let everything in between be short-lived.</li></ul><p>A note on sourcing: the incidents above were reported this week by the vendors themselves, national agencies, and established security press. Details of the SonicWall intrusions come from public incident-response reporting and may evolve as investigations continue.</p>]]></content:encoded>
    </item>
    <item>
      <title>This week in security: Turla hits Romania, 35 GB walks out of Accenture, and 12 million KDDI logins</title>
      <link>https://secretus.app/blog/security-week-review-2026-07-15</link>
      <guid isPermaLink="true">https://secretus.app/blog/security-week-review-2026-07-15</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:00 GMT</pubDate>
      <description>A regional tour of the week of July 8–15, 2026: Russia&apos;s FSB-linked Turla targeting Romania and the EU, the D1R ransomware campaign against Arm and Bosch, Accenture&apos;s alleged 35 GB source-code theft, and Japan&apos;s biggest telecom breach of the year.</description>
      <category>news</category>
      <category>breaches</category>
      <category>threats</category>
      <content:encoded><![CDATA[<p>This week had everything: a nation-state campaign formally condemned by an EU government, a ransomware crew going big-game hunting across European tech, a consulting giant allegedly losing a repository full of keys, and a telecom breach measured in the tens of millions. Here&#x27;s the week of July 8–15, 2026, region by region — and the thread that ties it together.</p><p>A note on sourcing: every incident below was reported by reputable outlets, vendors, or government bodies during the week. Where a claim comes from an attacker&#x27;s leak site and hasn&#x27;t been independently verified, we say so.</p><h2>Romania and the EU: Turla, named and condemned</h2><p>On July 14, Romania formally condemned hostile cyber operations attributed to groups controlled by Russia&#x27;s FSB — specifically the long-running espionage actor <strong>Turla</strong>, active since at least 2004. President Nicușor Dan called the attacks part of &quot;a broader hybrid campaign, meant to undermine the stability of our democracies.&quot; Reported targets include government institutions and critical infrastructure; earlier this year, dozens of Romanian military email addresses were compromised, though classified systems were reportedly not reached.</p><p>Romania wasn&#x27;t alone. France reported Russian cyber campaigns affecting roughly ten European countries, the EU&#x27;s High Representative issued a formal condemnation of Russia&#x27;s &quot;malicious cyber ecosystem,&quot; NATO&#x27;s North Atlantic Council published its own statement, and Germany and France summoned Russian ambassadors. Espionage against EU institutions is not new — what&#x27;s notable is how publicly and collectively it was attributed this time.</p><h2>European tech: D1R goes big-game hunting</h2><p>A newly tracked ransomware operation calling itself <strong>D1R</strong> updated its leak site on July 13 with three high-profile names at once: chip designer <strong>Arm</strong> (UK), engineering giant <strong>Bosch</strong> (Germany), and design-software maker <strong>Synopsys</strong> (US). Researchers link the campaign to exploitation of perimeter appliances — a Check Point Security Gateway flaw (CVE-2026-50751) used to bypass VPN authentication, and a Cisco Secure Firewall FMC bug (CVE-2026-20131) used to pivot deeper.</p><p>Important caveat: these are attacker claims. Synopsys says it has found no evidence of a breach, and the scale of what was actually taken from any of the three is unverified. But the target selection — semiconductor IP and the software that designs it — says a lot about where extortion economics are heading, and the entry vector is the same story security teams have lived through for three years: the VPN box at the perimeter.</p><h2>United States: Accenture&#x27;s 35 GB problem</h2><p>A threat actor using the handle &quot;888&quot; claimed on a cybercrime forum to have taken roughly <strong>35 GB from Accenture</strong> — not customer records, but source code, RSA and SSH keys, Azure personal access tokens, Azure Storage keys, and configuration files, with a screenshot of a private Azure DevOps repository as proof. Accenture said it was &quot;aware of this isolated matter&quot; and had &quot;remediated its source,&quot; without confirming what, if anything, left. We wrote a separate deep-dive on why a leak of this shape — keys inside code — is its own category of incident.</p><p>Elsewhere in the US: the <strong>Conduent</strong> healthcare breach grew to more than 62 million affected individuals in updated filings; <strong>AssuranceAmerica</strong> disclosed nearly 7 million records exposed after a single employee account was compromised; and reporting pointed to a compromise of DHS information-sharing infrastructure. On July 14 the US Treasury sanctioned a VPN provider and two individuals accused of servicing ransomware crews — infrastructure takedowns are increasingly financial, not just technical.</p><h2>Asia: Japan&#x27;s telecom breach of the year</h2><p>Japanese telecom giant <strong>KDDI</strong> confirmed that attackers accessed the email platform serving five ISPs (including BIGLOBE, NIFTY and JCOM), exposing about <strong>12.2 million email addresses and 7.6 million passwords</strong>. The intrusion began on May 16 through a zero-day in a third-party email platform — unknown even to the vendor — and wasn&#x27;t detected until June 17. Passwords at that scale become credential-stuffing ammunition against every other service where people reused them, which is why the disclosure was paired with a forced reset campaign.</p><p>The wider region had a busy week too: ransomware claims were posted against Saudi jewelry manufacturer L&#x27;azurde, Hong Kong&#x27;s Intron Technology, and India&#x27;s Omax Autos, among others — all leak-site claims at this stage, but a reminder that extortion is fully global.</p><h2>Also worth your attention</h2><ul><li><strong>Developer tools as attack surface:</strong> researchers disclosed a zero-click remote-code-execution chain in the Cursor AI code editor, and active attacks abusing an Azure CLI weakness to sidestep MFA and Conditional Access. The tools that hold your credentials are targets themselves.</li><li><strong>AI-operated ransomware:</strong> reporting this week described what researchers called the first ransomware intrusion conducted almost entirely by an autonomous AI agent, exploiting a Langflow vulnerability. Whatever the label ends up being, the marginal cost of running an intrusion is falling fast.</li></ul><h2>The common thread</h2><p>Strip the names away and the week reduces to three root causes: perimeter appliances with known flaws (D1R&#x27;s entry path), a zero-day in a trusted third-party platform (KDDI), and long-lived credentials sitting where they could be copied (Accenture&#x27;s alleged keys-in-code, KDDI&#x27;s password trove). Nobody broke encryption. They found secrets that were reusable and reused them.</p><p>The practical lesson is the same one every week like this teaches: a credential is dangerous in proportion to how long it stays valid and how many places it lives. Prefer short-lived, single-purpose secrets. Rotate what might be exposed. And when you have to hand someone a password or a key, use a channel that expires and self-destructs — not an inbox or a chat log that quietly becomes an archive of everything you ever shared.</p>]]></content:encoded>
    </item>
    <item>
      <title>The Accenture claim: when the loot is 35 GB of source code — and the keys inside it</title>
      <link>https://secretus.app/blog/accenture-breach-keys-in-the-code</link>
      <guid isPermaLink="true">https://secretus.app/blog/accenture-breach-keys-in-the-code</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:00 GMT</pubDate>
      <description>An attacker claims 35 GB of Accenture source code, SSH keys, and Azure tokens. Whatever the final numbers turn out to be, it&apos;s the perfect case study in why a code leak is really a credential leak — and what to do about the keys living in your own repos.</description>
      <category>breaches</category>
      <category>credentials</category>
      <category>engineering</category>
      <content:encoded><![CDATA[<p>On July 8, 2026, a threat actor going by &quot;888&quot; posted on a cybercrime forum claiming to have taken roughly 35 GB from Accenture. The claimed haul is the interesting part: not customer databases, but <strong>source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files</strong>, with a screenshot of a private Azure DevOps repository offered as proof. Accenture&#x27;s response acknowledged an &quot;isolated matter&quot; whose source has been &quot;remediated,&quot; without confirming that data was exfiltrated.</p><p>Fairness first: attacker claims are marketing, and until someone independently validates that archive, the numbers deserve skepticism. But the shape of the claim is worth studying regardless of how this particular story resolves, because it describes the most common failure mode in modern engineering organizations: <strong>repositories quietly become key rings</strong>.</p><h2>A code leak is a credential leak</h2><p>Ask what each claimed artifact type actually unlocks and the incident stops looking like intellectual-property theft and starts looking like an access package:</p><ul><li><strong>SSH keys</strong> — direct authentication to servers, jump hosts, and Git remotes. A passphrase-less key in a repo is a door that opens for whoever holds the file.</li><li><strong>Azure personal access tokens</strong> — scoped like the developer who minted them: repos, pipelines, artifact feeds. PATs are long-lived by default and rarely inventoried.</li><li><strong>Storage access keys</strong> — full read/write on storage accounts, independent of any user identity, invisible to conditional-access rules.</li><li><strong>Configuration files</strong> — connection strings, service passwords, webhook URLs, internal hostnames: a map of the estate plus some of the keys to it.</li></ul><p>That&#x27;s why &quot;source code stolen&quot; is the wrong headline for incidents like this. Code can be rewritten; the credentials embedded in and around it keep working until someone finds and revokes every copy. The half-life of a leaked repository is measured in the lifetime of the longest-lived secret inside it.</p><h2>Why this keeps happening to sophisticated companies</h2><p>Nobody decides to store keys in Git. It accumulates: a config committed &quot;just for the demo,&quot; a deploy key pasted into a README, a token in a CI variable that gets echoed into a build log, a <code>.env</code> that slipped past the <code>.gitignore</code>. Each one is small; a decade of them across thousands of repositories is 35 GB with keys in it. Accenture — a company that sells security consulting — has now had several public incidents since 2017. If it can happen there, the honest conclusion is that it happens everywhere, and the differentiator is how fast you can find and kill exposed credentials, not whether they exist.</p><h2>The playbook if this were your repo</h2><p>Treat a repository exposure as a credential incident from minute one:</p><ul><li><strong>Assume everything in the repo is burned.</strong> Rotate first, and investigate afterwards. Waiting to &quot;confirm exfiltration&quot; before rotating is how a leak becomes a takeover.</li><li><strong>Inventory before you need it.</strong> Run secret scanners (gitleaks, trufflehog, GitHub secret scanning) across the full history, not just HEAD — deleting a key from the latest commit doesn&#x27;t remove it from <code>git log</code>.</li><li><strong>Shorten lifetimes structurally.</strong> Replace long-lived PATs and static storage keys with short-lived, identity-bound credentials (OIDC federation for CI, managed identities, SAS tokens with expiry). A key that expires in an hour is a much smaller story than one minted in 2023.</li><li><strong>Fix the rotation channel too.</strong> The moment you rotate, the new secret has to reach a teammate or a deployment — and the reflex is to paste it into chat or email, recreating the original problem in a new location. Rotated credentials should travel through a channel that expires, can only be read once, and leaves an audit trail.</li><li><strong>Watch for reuse.</strong> Exposed keys get tried. Alert on authentication from new networks with old credentials, and on PAT/API usage patterns that don&#x27;t match the owning team.</li></ul><h2>The quiet takeaway</h2><p>Whether &quot;888&quot; has 35 GB or 35 MB, the claim worked as an advertisement because everyone who read it recognized their own repositories in it. The fix isn&#x27;t a heroic cleanup sprint once a headline lands — it&#x27;s making long-lived, copyable secrets structurally rare: short lifetimes by default, scanning in CI, and sharing channels that self-destruct instead of becoming archives. Secrets should be boring, brief, and single-use. The ones that make headlines are always the ones that were allowed to live forever.</p>]]></content:encoded>
    </item>
    <item>
      <title>The biggest hacks and breaches of 2025–2026</title>
      <link>https://secretus.app/blog/biggest-hacks-and-breaches-2025-2026</link>
      <guid isPermaLink="true">https://secretus.app/blog/biggest-hacks-and-breaches-2025-2026</guid>
      <pubDate>Mon, 13 Jul 2026 00:00:00 GMT</pubDate>
      <description>Nation-state telecom espionage, SaaS supply-chain token theft, help-desk social engineering, and record-breaking extortion. A field guide to the landmark cyber incidents of 2025 and early 2026 — and the common thread running through them.</description>
      <category>news</category>
      <category>breaches</category>
      <category>threats</category>
      <content:encoded><![CDATA[<p>If one theme defined 2025 and the first half of 2026, it&#x27;s that attackers stopped kicking down doors and started walking through them — with stolen tokens, a convincing phone call to a help desk, or a poisoned software update. The biggest incidents of the period weren&#x27;t clever exploits so much as failures of trust: in a vendor, an identity, a support process, a dependency. Here are the ones worth knowing, grouped by how they happened.</p><p>A note on sourcing: every incident below was widely reported by reputable outlets, vendors, or government bodies. Where attribution or scale was contested, we say so rather than pretend to certainty.</p><h2>Nation-state espionage went mainstream</h2><p><strong>Salt Typhoon</strong> was the defining espionage story of the era. A China state-linked group breached at least nine major US telecom carriers, reaching the lawful-intercept (wiretap) systems and call metadata that carriers are required to maintain; the FBI later described 200+ targets across 80+ countries. The US Treasury sanctioned a linked firm in January 2025. It&#x27;s widely called one of the worst telecom compromises in US history — and a reminder that the surveillance infrastructure built for law enforcement is itself a target.</p><p><strong>SharePoint &quot;ToolShell&quot; (CVE-2025-53770)</strong> saw an unauthenticated remote-code-execution chain in on-premises Microsoft SharePoint mass-exploited worldwide from July 2025, compromising 150+ organizations across four continents, with some intrusions escalating to ransomware. Microsoft attributed activity to China-linked groups (Linen Typhoon, Violet Typhoon) alongside a ransomware actor.</p><p>The edge kept bleeding, too. <strong>Ivanti Connect Secure (CVE-2025-0282)</strong> and a pair of <strong>Cisco ASA/FTD zero-days (CVE-2025-20333 and CVE-2025-20362)</strong> were exploited in the wild to plant espionage malware and persistence that survived reboots. The pattern is now familiar: VPNs, firewalls, and other internet-facing appliances are prime real estate for suspected nation-state actors, because they sit at the perimeter and are hard to inspect.</p><h2>The supply chain was the real target</h2><p><strong>The Salesloft Drift breach (UNC6395)</strong> was the landmark identity/SaaS supply-chain attack. In August 2025, attackers stole OAuth refresh tokens from the Salesloft &quot;Drift&quot; chatbot integration and used them to bulk-export Salesforce data from 700+ organizations — including Cloudflare, Google, Palo Alto Networks, and Zscaler — then mined the stolen records for cloud keys and other secrets. No password was cracked; a trusted integration&#x27;s tokens were simply reused. It&#x27;s the clearest case yet that in a connected SaaS world, an OAuth token is a skeleton key.</p><p><strong>The npm &quot;Shai-Hulud&quot; worm</strong> hit open source. After a maintainer was phished via a fake 2FA-reset domain, attackers hijacked widely used packages (including <code>debug</code> and <code>chalk</code>, with billions of weekly downloads combined) and planted a self-replicating worm that steals cloud and CI tokens and spreads to other maintainer accounts. A later wave reached tens of thousands of GitHub repositories. One phished developer, and the blast radius was the entire JavaScript ecosystem.</p><h2>Extortion hit record scale</h2><p><strong>The Oracle E-Business Suite zero-day (CVE-2025-61882)</strong> was the marquee CVE-driven event. The Cl0p extortion group exploited an unauthenticated RCE (CVSS 9.8) to steal data from dozens of enterprises, then ran a mass executive-email extortion campaign before Oracle patched it in October 2025 — a textbook example of a single flaw turned into an assembly line of extortion.</p><p><strong>The Marks &amp; Spencer attack</strong> brought it to the high street. In April–May 2025, social engineering of an IT help desk led to DragonForce ransomware and data theft across major UK retailers (M&amp;S, Co-op, Harrods), disrupting M&amp;S online operations for weeks with an estimated combined impact in the hundreds of millions of pounds. It was attributed to the English-speaking crew &quot;Scattered Spider&quot;; several suspects were arrested by the UK&#x27;s National Crime Agency in July 2025. The entry point wasn&#x27;t a zero-day — it was a persuasive phone call.</p><h2>When the data itself is the crown jewel</h2><p>A run of breaches showed how much sensitive data sits with third parties and back-office providers:</p><ul><li><strong>Conduent</strong> — a ransomware intrusion at the business-process giant reportedly stole around 8.5 TB of data; the affected population grew across disclosures into the tens of millions, placing it among the largest US breaches on record. Claimed by the SafePay group.</li><li><strong>DaVita</strong> — a ransomware attack on the kidney-dialysis provider exposed protected health information of roughly 2.7 million people (April 2025), attributed to the Interlock group, which also forced a state-of-emergency declaration after hitting the City of St. Paul, Minnesota.</li><li><strong>Qantas</strong> — attackers compromised a third-party customer-servicing platform via a call center (June 2025), exposing data of up to ~5.7 million customers, amid an FBI warning that Scattered Spider was targeting aviation.</li><li><strong>Carnival</strong> — a 2026 social-engineering intrusion exposed data of roughly 6 million individuals, including passport and driver&#x27;s-license numbers; claimed by the ShinyHunters extortion brand, per reporting.</li></ul><h2>Destruction, not just theft</h2><p>Two incidents were about damage rather than data. <strong>Jaguar Land Rover</strong> was forced to halt global production for roughly five weeks from late August 2025, paralysing its supply chain with an estimated impact near £1.9B — described as possibly the most economically damaging cyberattack in UK history, prompting a government-backed loan guarantee. (Attribution was claimed by actors linked to the Scattered Spider/Lapsus$ scene but remains debated.) And in March 2026, destructive malware wiped tens of thousands of devices at the US medical-device maker <strong>Stryker</strong> — reportedly with staff watching machines wiped in real time — in a rare destructive attack on a Western manufacturer, reported as the work of an Iran-aligned hacktivist group.</p><h2>The common thread</h2><p>Look across the list and the same few root causes keep appearing: stolen tokens and credentials (Salesloft, npm, Salt Typhoon&#x27;s harvested access), social engineering of a human (M&amp;S, Qantas, Carnival), and trust placed in a third party that got compromised (Conduent, Drift, the supply-chain worms). Very little of it required breaking encryption. It required finding a secret that was lying around — an OAuth token, a saved password, an API key in a support ticket — and using it.</p><p>That&#x27;s the uncomfortable lesson for everyone, not just the Fortune 500: secrets are dangerous in proportion to how long they sit somewhere reusable. The defensive moves that actually move the needle are unglamorous — phishing- resistant MFA, short-lived tokens, least privilege, and not leaving credentials in inboxes, chat logs, and ticketing systems where a single compromise turns into an archive. If you&#x27;re going to hand someone a credential, hand them something that expires and can&#x27;t be replayed, not a message that lives forever. Most of the year&#x27;s biggest headlines started with a secret that outlived its usefulness.</p>]]></content:encoded>
    </item>
    <item>
      <title>What&apos;s new in Secretus: Teams, annual plans, and self-serve checkout</title>
      <link>https://secretus.app/blog/whats-new-teams-annual-plans-self-serve-checkout</link>
      <guid isPermaLink="true">https://secretus.app/blog/whats-new-teams-annual-plans-self-serve-checkout</guid>
      <pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate>
      <description>A product update: share one Business plan across your team via single-use invite links, pay yearly for two months free, and upgrade instantly with self-serve checkout — no more emailing sales.</description>
      <category>product-update</category>
      <category>teams</category>
      <category>billing</category>
      <content:encoded><![CDATA[<p>The last few weeks shipped the features people asked for most: a way to cover a whole team on one plan, yearly billing, and — finally — a real checkout so you can start a paid plan yourself in under a minute. Here&#x27;s the rundown.</p><h2>Teams: one Business plan, up to five people</h2><p>If you&#x27;re on the Business plan, you can now bring your team along without buying separate subscriptions for everyone. From your profile you generate a <strong>single-use invite link</strong>, valid for seven days, and send it however you like. When a teammate opens it and joins, their account is lifted to your Business tier automatically — files, API access, longer audit retention, all of it.</p><p>The invite links carry their token in the URL fragment, which browsers never send to a server, and each link works exactly once. You can see who used which invite, revoke unused ones, and remove members at any time, up to five seats. No email system is involved — you copy the link and share it over whatever channel you already trust.</p><h2>Annual plans: two months free</h2><p>Every paid tier now has a yearly option priced at ten months instead of twelve — so an annual plan is effectively <strong>two months free</strong> versus paying monthly. On the upgrade page you&#x27;ll find a Monthly / Annual toggle; pick whichever fits how you&#x27;d rather budget. Nothing else changes: same features, same limits, just a lower effective rate for committing to a year.</p><h2>Self-serve checkout: no more &quot;contact us&quot;</h2><p>Previously, moving from the free trial to a paid plan meant emailing us and waiting. That&#x27;s gone. The upgrade button now takes you straight to a secure hosted checkout, and your plan activates the moment payment clears. If you&#x27;re already subscribed, the same buttons route you to a billing portal to switch plans, update your card, or cancel — and there&#x27;s a hard guard against ever being charged twice.</p><p>Payments are handled by Stripe as merchant of record, so on your statement the charge appears via Link and your receipts and invoices are emailed to you automatically. You can download past invoices as PDFs from your profile at any time.</p><h2>A note on the free trial</h2><p>New accounts still start with a <strong>14-day trial with full access and no card required</strong>. When the trial ends, your account and any secrets you&#x27;ve received stay intact — you just choose a plan to keep creating new ones. Nothing is auto-charged, because we never took a card to begin with.</p><p>As always, none of this changes the core guarantee: secrets are encrypted in your browser, and our servers never receive plaintext or decryption keys. The billing system knows what plan you&#x27;re on — never what you shared.</p>]]></content:encoded>
    </item>
    <item>
      <title>The credential-leak playbook: how attackers find secrets in Slack and email</title>
      <link>https://secretus.app/blog/credential-leak-playbook-slack-email</link>
      <guid isPermaLink="true">https://secretus.app/blog/credential-leak-playbook-slack-email</guid>
      <pubDate>Wed, 08 Jul 2026 00:00:00 GMT</pubDate>
      <description>Post-breach, the first move is often a search box. Here&apos;s how leaked passwords, API keys and tokens actually get discovered in chat and inboxes — and the workflow that removes them from the archive entirely.</description>
      <category>threats</category>
      <category>credentials</category>
      <category>practical</category>
      <content:encoded><![CDATA[<p>When an attacker gets into a mailbox or a Slack workspace, they rarely start by doing something clever. They start by searching. The uncomfortable truth about most credential leaks is that they aren&#x27;t intercepted in transit — they&#x27;re <strong>found later, at rest</strong>, by someone who shouldn&#x27;t have access to the archive.</p><h2>Step one is always search</h2><p>Chat and email are, functionally, searchable databases of everything your team has ever said. That&#x27;s what makes them useful — and what makes them a goldmine after a compromise. The standard opening moves are boringly effective: search for <em>password</em>, <em>api key</em>, <em>secret</em>, <em>token</em>, <em>.pem</em>, <em>AKIA</em> (the prefix of AWS access keys), <em>BEGIN PRIVATE KEY</em>, or the name of your cloud provider. Whatever your team pasted, the search box finds.</p><p>Automated tools do the same at scale. Secret-scanning engines that defenders use to catch leaks in code work just as well for an attacker sifting an exported mailbox — regex patterns for key formats, high-entropy strings, and known token shapes turn a dump into a tidy list of live credentials.</p><h2>Why &quot;we use TLS&quot; doesn&#x27;t help here</h2><p>Transport encryption protects the message while it travels. It does nothing about the message sitting in the recipient&#x27;s inbox, your sent folder, both providers&#x27; servers, every backup, and every device either party has signed into since. A password sent in 2023 is present in all of those places today. Compromise any one of them and the credential is exposed — years after you stopped thinking about it.</p><h2>The offboarding problem</h2><p>There&#x27;s a quieter version of this that doesn&#x27;t even require a breach. The contractor you stopped working with two years ago still has every credential you ever sent them, scattered across their inbox and chat history. You have no inventory of what they hold and no way to revoke a copy that lives in someone else&#x27;s archive. The exposure didn&#x27;t end when the engagement did.</p><h2>Removing secrets from the archive</h2><p>The fix isn&#x27;t a better password or a stern policy — it&#x27;s making sure the secret was never in the searchable archive to begin with. That means sending a <strong>one-time link instead of the credential itself</strong>. The secret is encrypted in your browser; the decryption key rides in the URL fragment, which never reaches any server; and the first open destroys it. What lands in Slack or email is a link that, once used, opens nothing. The channel&#x27;s retention problem stops mattering, because there&#x27;s nothing sensitive left to find.</p><p>Two habits make this robust:</p><ul><li><strong>Treat a dead-on-arrival link as an incident.</strong> One-time delivery doubles as a tripwire — if a link reports &quot;already viewed&quot; before your recipient opened it, someone else did. Rotate the credential; you just caught an interception that a plain email would have hidden.</li><li><strong>Invert the flow when you&#x27;re receiving.</strong> Ask for secrets via a request link rather than letting people reply with a password in plaintext. It encrypts in <em>their</em> browser and gives you a one-time read — so the secret never lands in your inbox either.</li></ul><p>Credential leaks are rarely exotic. They&#x27;re an old message, found later, by the wrong person. The remedy costs thirty seconds: share something that dies on arrival instead of something that lives in the archive forever.</p>]]></content:encoded>
    </item>
    <item>
      <title>Post-quantum migration in 2026: what NIST, Apple, and Chrome already shipped</title>
      <link>https://secretus.app/blog/post-quantum-migration-2026</link>
      <guid isPermaLink="true">https://secretus.app/blog/post-quantum-migration-2026</guid>
      <pubDate>Fri, 03 Jul 2026 00:00:00 GMT</pubDate>
      <description>Post-quantum cryptography stopped being a research topic and started being deployed code. A field guide to what&apos;s already live in browsers and messengers — and why long-lived secrets can&apos;t wait for the timeline.</description>
      <category>post-quantum</category>
      <category>ML-KEM</category>
      <category>news</category>
      <content:encoded><![CDATA[<p>For years, &quot;post-quantum&quot; was something to worry about later. That framing is now out of date. Between 2024 and 2026 the standards were finalized and the largest platforms quietly turned post-quantum key exchange on by default. If you&#x27;re protecting anything with a long secrecy lifetime, the migration is no longer theoretical — it&#x27;s a checklist.</p><h2>What actually shipped</h2><p>In August 2024, NIST finalized the first post-quantum standards, with <strong>FIPS 203 (ML-KEM)</strong> as the key-encapsulation mechanism — the part that protects how two parties agree on a session key. That&#x27;s the piece that matters most, because the key exchange is exactly what a future quantum computer would target.</p><p>Deployment followed fast. Major browsers rolled out hybrid post-quantum key exchange for TLS, so a growing share of everyday HTTPS connections are already protected by a classical-plus-ML-KEM combination. Signal and Apple&#x27;s iMessage both moved to post-quantum key establishment for messaging. The through-line: the industry converged on <strong>hybrid</strong> designs — running the classical algorithm and the post-quantum one together — rather than betting everything on the newer scheme.</p><h2>Why hybrid, not replacement</h2><p>Lattice-based cryptography like ML-KEM is younger than elliptic curves, and prudent engineering doesn&#x27;t throw out the battle-tested thing to adopt the new thing wholesale. Hybrid key agreement runs both and combines their outputs through a key-derivation function, so an attacker has to break <em>both</em> the classical and the post-quantum layer. If ML-KEM is someday weakened by cryptanalysis, you still have today&#x27;s security; if a quantum computer arrives, the lattice half holds.</p><h2>The reason you can&#x27;t wait for the timeline</h2><p>Estimates for a cryptographically relevant quantum computer range from a decade to never — and arguing the date misses the point. The useful frame is Mosca&#x27;s inequality: if the time your data must stay secret, plus the time it takes you to migrate, is longer than the time until the machine exists, you&#x27;re already late. This is what makes <strong>harvest now, decrypt later</strong> a present-tense threat: an adversary can record encrypted traffic today and simply wait. A password you&#x27;ll rotate next week doesn&#x27;t care. An SSH key, a database export, medical records, M&amp;A documents — anything with a secrecy lifetime measured in years — very much does.</p><h2>Where Secretus fits</h2><p>Maximum Security mode adds <strong>ML-KEM-768 hybrid post-quantum key agreement</strong> to its authenticated, X3DH-style browser-to-browser handshake, combining the classical and post-quantum outputs before the per-message ratchet takes over. It&#x27;s aimed squarely at harvest-now-decrypt-later risk for the secrets that outlive a news cycle. And because that mode sends the secret directly between browsers over WebRTC, there&#x27;s no stored ciphertext sitting on a server to be harvested in the first place.</p><p>The migration most people were planning to do &quot;when quantum computers are real&quot; already happened in the tools they use every day. For long-lived secrets, matching that posture now — not later — is the whole point.</p>]]></content:encoded>
    </item>
    <item>
      <title>Shamir&apos;s Secret Sharing, explained without the math degree</title>
      <link>https://secretus.app/blog/shamir-secret-sharing-explained</link>
      <guid isPermaLink="true">https://secretus.app/blog/shamir-secret-sharing-explained</guid>
      <pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate>
      <description>How a 1979 algorithm lets a team hold a secret that no single member can read — and why fewer than k shares reveal mathematically nothing. With practical k-of-n setups for real teams.</description>
      <category>cryptography</category>
      <category>shamir</category>
      <category>teams</category>
      <content:encoded><![CDATA[<p>Here&#x27;s a problem every team eventually hits: you have one credential that matters too much. The root signing key. The production database master password. The recovery codes for the company&#x27;s domain registrar. Give it to one person and you have a single point of failure — they leave, get phished, or lose a laptop. Give it to everyone and you&#x27;ve multiplied the attack surface by headcount.</p><p>In 1979, Adi Shamir (the &quot;S&quot; in RSA) published a two-page paper that solves this exactly: split the secret into <em>n</em> shares so that any <em>k</em> of them reconstruct it, while <em>k − 1</em> shares reveal <strong>nothing at all</strong>. Not &quot;nothing practical&quot; — mathematically, provably nothing.</p><h2>The intuition: points on a curve</h2><p>Two points define a line. Three points define a parabola. In general, you need <em>k</em> points to pin down a polynomial of degree<em> k − 1</em>.</p><p>Shamir&#x27;s trick: hide the secret as the y-intercept of a random polynomial. Want a 3-of-5 split? Pick a random degree-2 polynomial whose value at x = 0 is your secret, then hand out five points on the curve — one per person. Any three holders can redraw the parabola and read the intercept. Two holders? There are infinitely many parabolas through their two points, one for <em>every possible secret value</em>, all equally likely. Their shares are literally worthless — which is the entire point.</p><p>This is what cryptographers call <strong>information-theoretic security</strong>: the guarantee doesn&#x27;t depend on a computational problem being hard. A quantum computer the size of Jupiter cannot extract a secret from k − 1 shares, because the information simply isn&#x27;t in them.</p><h2>From parabolas to bytes</h2><p>Real implementations don&#x27;t draw curves over ordinary numbers — rounding would leak information. They work in a finite field, typically GF(256), which conveniently has exactly one element per possible byte value. Each byte of your secret gets its own polynomial; each share ends up the same size as the secret. The arithmetic is exact, fast, and runs comfortably in a browser.</p><h2>Choosing k and n in practice</h2><ul><li><strong>2-of-3</strong> — the founder setup. You, your co-founder, and a sealed share in a safe. Either of you plus the safe recovers it; a single stolen laptop doesn&#x27;t.</li><li><strong>3-of-5</strong> — the classic ops-team split. Any three engineers can rotate the master credential at 3 a.m.; no pair can collude quietly, and two people can be on holiday without blocking an incident.</li><li><strong>4-of-7</strong> — board-level or DAO-style control for keys that move money or sign releases.</li></ul><p>The two failure modes to balance: set <em>k</em> too high and you&#x27;ve built a denial-of-service against yourself (shares get lost; people leave); too low and collusion gets cheap. A useful rule of thumb is k = ⌈n/2⌉ + 1.</p><h2>What Shamir doesn&#x27;t solve</h2><p>Honesty requires the fine print. Plain Shamir assumes shares are delivered securely (splitting a secret and then emailing the shares defeats the purpose), assumes holders return <em>correct</em> shares at reconstruction (verifiable secret sharing extends the scheme if you need that), and says nothing about the moment of reconstruction itself — wherever the secret is reassembled becomes, briefly, the thing you were trying to avoid: a single point holding the whole secret.</p><h2>How Secretus uses it</h2><p>Team Split in Secretus runs Shamir over GF(256) entirely in your browser — the splitting, and later the reconstruction, never touch our servers. Each holder receives their share inside a link&#x27;s URL fragment, which browsers never transmit to any server, so delivery doesn&#x27;t leak shares either. Reconstruction happens client-side when k holders contribute their shares, and optional expiry (24 hours to 30 days) bounds the exposure window. No single teammate, no single channel, and certainly not us, ever holds enough to read the secret.</p><p>Shamir&#x27;s paper was titled <em>&quot;How to share a secret&quot;</em>. Forty-seven years later, it&#x27;s still the correct answer.</p>]]></content:encoded>
    </item>
    <item>
      <title>Harvest now, decrypt later: the attack that&apos;s already happening</title>
      <link>https://secretus.app/blog/harvest-now-decrypt-later</link>
      <guid isPermaLink="true">https://secretus.app/blog/harvest-now-decrypt-later</guid>
      <pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate>
      <description>Encrypted traffic recorded today can be decrypted once quantum computers mature. What HNDL means for secrets with long lifetimes, what ML-KEM-768 changes, and how hybrid key agreement works.</description>
      <category>post-quantum</category>
      <category>ML-KEM</category>
      <category>threat-model</category>
      <content:encoded><![CDATA[<p>There is an attack against your encrypted traffic that requires no breakthrough, no zero-day, and no decryption capability whatsoever. Step one: record the ciphertext. Step two: wait.</p><p>&quot;Harvest now, decrypt later&quot; (HNDL) is exactly what it sounds like. An adversary with network visibility — an ISP tap, a compromised exchange, a state actor on a backbone — stores encrypted sessions today, betting that a cryptographically relevant quantum computer will eventually run Shor&#x27;s algorithm and unwrap the key exchange retroactively. The encryption isn&#x27;t broken today. It doesn&#x27;t need to be. Storage is cheap, and patience is free.</p><h2>Why the key exchange is the weak point</h2><p>Modern encrypted channels (TLS, Signal, WebRTC&#x27;s DTLS) typically protect data with symmetric ciphers like AES-256 — which quantum computers barely dent. The vulnerable part is how the two sides <em>agreed on the key</em>: elliptic-curve Diffie-Hellman. Shor&#x27;s algorithm, on a large enough quantum computer, solves the discrete-log problem ECDH rests on. Recover the key exchange, and the AES key — and everything it protected — falls out for free.</p><h2>Does the timeline matter? Wrong question</h2><p>Estimates for a cryptographically relevant quantum computer range from a decade to never, and arguing about the date misses the point. The right question is Michele Mosca&#x27;s inequality: if the time your data must stay secret, plus the time it takes you to migrate, exceeds the time until the machine exists — you are already late. A password you&#x27;ll rotate Tuesday doesn&#x27;t care. An SSH key to infrastructure that will run for years, a database dump with customer PII, M&amp;A documents, medical records — these have secrecy lifetimes measured in decades. For them, HNDL is not a future threat; the harvesting is the attack, and it can only happen <em>now</em>.</p><h2>What NIST standardised</h2><p>In August 2024, NIST finalised FIPS 203: ML-KEM (Module-Lattice Key-Encapsulation Mechanism, formerly CRYSTALS-Kyber). Its security rests on lattice problems — specifically Module-LWE — for which no efficient quantum algorithm is known. ML-KEM-768, the middle parameter set, targets security comparable to AES-192 and is what most of the industry (browsers, Signal, iMessage) has converged on.</p><h2>Hybrid: the engineering-honest approach</h2><p>Lattice cryptography is newer than elliptic curves, and prudent engineering doesn&#x27;t bet everything on the new thing. The emerging consensus is <strong>hybrid key agreement</strong>: run classical ECDH <em>and</em> an ML-KEM encapsulation, then feed both outputs through a key-derivation function. An attacker must break <em>both</em> — the elliptic curve <em>and</em> the lattice problem — to recover the session key. If ML-KEM someday falls to clever cryptanalysis, you still have today&#x27;s ECDH security; if quantum computers arrive, the lattice half holds.</p><h2>What Secretus does</h2><p>In Maximum Security mode, the X3DH-style authenticated handshake between the two browsers is hybridised with ML-KEM-768: the classical ECDH shared secrets and the post-quantum encapsulation are combined through HKDF-SHA-256 into the session key, before the browser-side symmetric ratchet derives per-message keys. The secret itself travels directly browser-to-browser over WebRTC — so there&#x27;s no stored ciphertext to harvest from a server at all, and what an on-path adversary can record is protected against both today&#x27;s and tomorrow&#x27;s cryptanalysis.</p><p>You can&#x27;t retroactively protect traffic you sent unprotected. That&#x27;s the uncomfortable asymmetry of HNDL — and the reason &quot;we&#x27;ll migrate when quantum computers are real&quot; is a plan to be exactly one harvest too late.</p>]]></content:encoded>
    </item>
    <item>
      <title>How to share credentials with clients (without leaking them)</title>
      <link>https://secretus.app/blog/how-to-share-credentials-with-clients</link>
      <guid isPermaLink="true">https://secretus.app/blog/how-to-share-credentials-with-clients</guid>
      <pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate>
      <description>Email and Slack keep credentials forever, in plaintext, on servers you don&apos;t control. A practical guide for agencies, freelancers and consultants: one-time links, P2P transfer, and a checklist.</description>
      <category>practical</category>
      <category>credentials</category>
      <category>agencies</category>
      <content:encoded><![CDATA[<p>If you run an agency, freelance, or consult, this conversation is your weekly routine: the client needs the WordPress admin password, you need their AWS keys, someone needs the staging database URL. And the channel, almost every time, is email or Slack.</p><p>Both fail the same way, for the same reason: <strong>retention</strong>.</p><h2>The problem isn&#x27;t interception — it&#x27;s storage</h2><p>TLS protects messages in transit; almost nobody is sniffing your packets. The real exposure is that email and chat are databases of everything ever sent. The password you emailed in 2023 is still there — in the recipient&#x27;s inbox, your sent folder, both providers&#x27; servers, every backup, and every device either of you has logged into since. When any one of those is compromised — one successful phish, one stolen laptop, one reused password on the client&#x27;s side — the attacker doesn&#x27;t get one credential. They get the archive. &quot;Search inbox for <em>password</em>&quot; is a standard post-breach move precisely because it works.</p><p>Add the offboarding problem: the contractor you stopped working with two years ago still has every credential you ever Slacked them, and you have no way to know which ones, let alone revoke the copies.</p><h2>What &quot;good&quot; looks like</h2><p>A credential handoff is safe when it has these properties:</p><ul><li><strong>Ephemeral</strong> — the message ceases to exist after delivery, automatically, without relying on anyone&#x27;s discipline.</li><li><strong>End-to-end encrypted</strong> — no server in the middle can read it, so a breach of the middleman reveals nothing.</li><li><strong>Delivery-confirmed</strong> — you know it arrived, and to whom, because exactly one open is possible.</li><li><strong>Accountless for the other side</strong> — clients won&#x27;t install a tool or create an account for a 30-second task. Any workflow that requires it will be bypassed back to email.</li></ul><h2>The workflow that survives contact with real clients</h2><ol><li><strong>Send a one-time encrypted link.</strong> The credential is encrypted in your browser; the decryption key rides in the URL fragment, which never reaches any server. The first open destroys the secret — if the link leaks afterwards, it opens nothing.</li><li><strong>Send the link over the channel you already share</strong> (email, Slack, WhatsApp). This is now safe: the channel only ever saw a link that no longer works. Its retention problem stops mattering.</li><li><strong>If the link arrives already-dead, treat it as an incident.</strong> One-time delivery doubles as a tripwire: &quot;already viewed&quot; before your client opened it means someone else did. Rotate the credential — you just caught an interception that email would have hidden forever.</li><li><strong>For the crown jewels, skip storage entirely.</strong> Live P2P transfer moves the secret directly between your browser and the client&#x27;s, end-to-end encrypted with forward secrecy — it never exists on any server, even as ciphertext.</li><li><strong>Receiving credentials? Send a request link instead.</strong> Clients will otherwise reply with the password in plaintext — it&#x27;s what people do. A secret-request link inverts the flow: they paste, it encrypts in <em>their</em> browser, you get a one-time read.</li></ol><h2>The checklist</h2><ul><li>Never send credentials as message text — only as one-time links.</li><li>Set the shortest expiry the workflow tolerates (hours, not weeks).</li><li>Rotate immediately if a link reports &quot;already viewed&quot;.</li><li>Use P2P mode for keys with long lifetimes (SSH, signing, cloud root).</li><li>Request secrets via request links; never let clients improvise.</li><li>Keep an audit trail of what was shared when — without storing the secrets themselves.</li></ul><p>The uncomfortable truth about credential leaks is that they&#x27;re rarely exotic. They&#x27;re an old email, found later, by the wrong person. The fix costs thirty seconds: share a link that dies on arrival, instead of a message that lives forever.</p>]]></content:encoded>
    </item>
  </channel>
</rss>
