Resilience, Attack Surface, and Exposure (RASE)

A security researcher used automated TruffleHog scans across all 5.6 million public GitLab Cloud repositories and found 17,430 live secrets tied to 2,804 domains—including cloud, database, messaging, and OpenAI keys—showing that many organizations still expose long-lived credentials in public code despite some revocations after notification.

A smishing-enabled cyberattack against analytics provider Mixpanel led to unauthorized access and export of limited analytics datasets, including OpenAI platform user profiles and device/usage details, but not ChatGPT content or credentials, creating downstream phishing and social-engineering risk for affected customers while prompting OpenAI to sever Mixpanel integrations and Mixpanel to execute a full incident-response and hardening program.

Synthesizing all three sources, the OSINT indicates that an unauthorized third party exploited a previously unknown vulnerability in Oracle E-Business Suite in August 2025 to hack the Oracle EBS environments of the University of Pennsylvania and the University of Phoenix.