CSOonline

How corporate data and secrets leak from GitHub repositories

Attackers constantly search public code repositories like GitHub for secrets developers might inadvertently leave behind, and any tiny mistake can be exploited. One boring day during the pandemic, ...
Bleeping Computer

Over 12 million auth secrets and keys leaked on GitHub in 2023

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. This is ...
Bleeping Computer

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python ...
InfoWorld

GitHub upgrades tooling to help developers stop leaking secrets

Over 39 million API keys, credentials, and other secrets leaked onto GitHub’s platform last year, but an update to its scanning tool could help stop that. The widely used cloud-based version-control ...
TechRepublic

AI Giants Accidentally Leaking Secrets on GitHub

Research by Wiz shows that industry titans, with combined valuations exceeding $400 billion, have left the equivalent of their front doors propped open. Research found that 65% of the world’s most ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...