CSOonline

Python GitHub token leak shows binary files can burn developers too

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...
Bleeping Computer

A mishandled GitHub token exposed Mercedes-Benz source code

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz is a prestigious German car, bus, and truck ...
TechCrunch

Mintlify says customer GitHub tokens exposed in data breach

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...
Hosted on MSN

GitHub supply chain attack spills secrets from 23,000 projects

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.… StepSecurity disclosed a compromise of the popular GitHub Action ...
TechCrunch

How a mistakenly published password exposed Mercedes-Benz source code

Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm ...