A recent investigation into misconfigured Apache Airflow instances has uncovered critical vulnerabilities exposing login credentials, API keys, and cloud service access tokens to potential attackers.
These workflow platform misconfigurations—primarily caused by insecure coding practices and outdated deployments—have compromised data security across industries such as finance, healthcare, and e-commerce, with credentials for AWS, Slack, PayPal, and internal databases left unprotected.
https://gbhackers.com/apache-airflow-mi ... edentials/