Most of the CVE-2026-4020 attackers are the same client
Summary
The article analyzes CVE-2026-4020 exploitation traffic and describes a single attacker operation, identified by its JA4H fingerprint, that harvests secrets from exposed infrastructure. It shows that the attackers rely on a Google Cloud fleet and rotate user-agents to avoid blocks, targeting .env files, Git configs, and credentials. The recommendations are to not expose secrets and to rotate them. The article also notes the limits of defenses such as blocklists and suggests focusing on preventing exposure rather than relying on blocking IPs.
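The clustering idea behind the summary, as an added example that is not code from the article: group secret-path requests by JA4H and compare that with what an IP blocklist catches. The record layout, path patterns, thresholds and all sample values (including the `JA4H_SAMPLE_*` placeholders) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path patterns for the targets the summary names (.env files, Git configs,
# credentials). The exact patterns are assumptions made for this example.
SECRET_PATH = re.compile(
    r"(?:^|/)(?:\.env(?:\.[\w.-]+)?|\.git/config|[\w.-]*credentials[\w.-]*)$", re.I)

# Constructed sample records: (source IP, JA4H, User-Agent, request target).
# IPs are documentation ranges; JA4H values are placeholders, not real hashes.
SAMPLE = [
    ("192.0.2.10", "JA4H_SAMPLE_A", "Mozilla/5.0 (Windows NT 10.0)", "/.env"),
    ("192.0.2.11", "JA4H_SAMPLE_A", "Mozilla/5.0 (Macintosh)", "/app/.env.production"),
    ("198.51.100.7", "JA4H_SAMPLE_A", "curl/8.5.0", "/.git/config"),
    ("198.51.100.7", "JA4H_SAMPLE_A", "python-requests/2.31", "/.aws/credentials?x=1"),
    ("203.0.113.5", "JA4H_SAMPLE_B", "Mozilla/5.0 (X11; Linux)", "/.env"),
    ("203.0.113.9", "JA4H_SAMPLE_C", "Mozilla/5.0 (X11; Linux)", "/index.html"),
]

def is_secret_probe(target):
    """True when the request path (query string ignored) matches a secret file."""
    return bool(SECRET_PATH.search(urlsplit(target).path))

def cluster_secret_probes(records):
    """Group secret-path requests by JA4H, collecting the IPs and UAs behind each."""
    clusters = defaultdict(lambda: {"ips": set(), "uas": set(), "paths": set()})
    for ip, ja4h, ua, target in records:
        if is_secret_probe(target):
            c = clusters[ja4h]
            c["ips"].add(ip)
            c["uas"].add(ua)
            c["paths"].add(urlsplit(target).path)
    return dict(clusters)

def rotating_clients(clusters, min_ips=2, min_uas=2):
    """Fingerprints seen behind several IPs and User-Agents: one client, many faces."""
    return sorted(fp for fp, c in clusters.items()
                  if len(c["ips"]) >= min_ips and len(c["uas"]) >= min_uas)

def blocklist_coverage(records, blocked_ips, ja4h):
    """Fraction of one fingerprint's secret probes that an IP blocklist would stop."""
    hits = [ip for ip, fp, _, target in records if fp == ja4h and is_secret_probe(target)]
    return sum(ip in blocked_ips for ip in hits) / len(hits) if hits else 0.0

if __name__ == "__main__":
    clusters = cluster_secret_probes(SAMPLE)
    for fp in rotating_clients(clusters):
        print(fp, len(clusters[fp]["ips"]), "IPs,", len(clusters[fp]["uas"]), "UAs")
    print(blocklist_coverage(SAMPLE, {"192.0.2.10"}, "JA4H_SAMPLE_A"))
```

On the constructed sample, blocking one address stops a quarter of the fingerprint's probes, while the fingerprint itself ties all four requests to one client.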