Bleeping Computer

Hackers ramp up scans for leaked Git tokens and secrets

Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
Dark Reading

Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

Salesforce subsidiary Heroku on Thursday said that the threat actor that stole Heroku GitHub integration OAuth tokens in April also accessed an internal database containing hashed and salted passwords ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Hosted on MSN

Exposed Git tokens and secrets are being hoovered up by hacker scans

GreyNoise saw a significant increase in scanning activity IPs from Singapore are looking for exposed Git config files, also in Singapore The files could contain sensitive information such as login ...
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
TheServerSide

How to use GitHub Actions secrets to hide your tokens and passwords example

Community driven content discussing all aspects of software development from DevOps to design patterns. One of the ongoing challenges DevOps professionals face when developing continuous integration ...