ZDNet

Botnets have been silently mass-scanning the internet for unsecured ENV files

Drawing little attention to themselves, multiple threat actors have spent the past two-three years mass-scanning the internet for ENV files that have been accidentally uploaded and left exposed on web ...
CSOonline

AWS environments compromised through exposed .env files

Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications. A data extortion ...