Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...
GIGAZINE

GitHub tokens leaked from prominent open source projects from Google and Microsoft

It has been discovered that GitHub authentication tokens have been leaked from several well-known open source projects on GitHub, including those from Google, Microsoft, Amazon Web Services (AWS), and ...
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...