CSOonline

Python GitHub token leak shows binary files can burn developers too

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...
Hosted on MSN

GitHub supply chain attack spills secrets from 23,000 projects

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.… StepSecurity disclosed a compromise of the popular GitHub Action ...

Devs are writing VS Code extensions that blab secrets by the bucketload

Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked ...
Bleeping Computer

GitHub deprecates account passwords for authenticating Git operations

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. This change was first announced last year, in July, when GitHub said ...
InfoQ

Researcher Unearths Thousands of Leaked Secrets in GitHub’s “Oops Commits”

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoWorld

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...
Bleeping Computer

GitHub: Attackers stole login details of 100K npm user accounts

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and ...