Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
Bleeping Computer

The Double-Edged Sword of Non-Human Identities

In a sweeping analysis conducted in late 2025, Flare researchers uncovered more than 10,000 Docker Hub container images leaking secrets (including production API keys, cloud tokens, CI/CD credentials, ...
CSOonline

Default static key in ThingsBoard IoT platform can give attackers admin access

Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...