GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories

August 16, 2024 at 05:51PM

GitHub Actions artifacts generated during CI/CD workflows may inadvertently expose tokens for third-party cloud services and GitHub, posing a risk to repositories and services. Palo Alto Networks warns of misconfigurations and security defects allowing threat actors to compromise repositories and steal secrets. Avital suggests proactive security measures to mitigate these …

‘Phantom’ Source Code Secrets Haunt Major Organizations

June 27, 2024 at 05:52AM

Aqua Security’s research reveals a significant number of “phantom” secrets persist within Git-based Source Code Management systems, posing security risks for top organizations. These include leaked secrets granting access to cloud environments, internal infrastructure, API tokens, and network devices of major companies. Aqua emphasizes the challenges in accurately detecting and …