InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
TMCnet

Intruder Uncovers New Secrets Detection Techniques, Finds Thousands of Exposed Tokens Unaddressed by Traditional Methods

Intruder's improved secrets detection checks critically sensitive secrets exposed by application front-ends, via spidering: systematically crawling through websites to find all exposures. It is now ...
Dark Reading

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
The Verge

GitHub had a major outage, but now says its services are ‘fully operational’

The issues apparently popped up because of a ‘database infrastructure related change’ that GitHub rolled back. The issues apparently popped up because of a ‘database infrastructure related change’ ...