Bleeping Computer

GitHub’s secret scanning alerts now available for all public repos

GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.
Bleeping Computer

GitHub enables push protection by default to stop secrets leak

GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. Today's announcement comes ...
Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
InfoWorld

Public package repos expose thousands of API security tokens—and they’re active

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways. As part of the ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
GIGAZINE

GitHub has removed over 900 repositories and forks of pirated anime viewing tools, but has denied claims that they circumvented DRM.

This takedown request coincided with the closure of 'HiAnime,' a pirated content site that recorded over 150 million visits per month. The targeted repositories included aniwatch and aniwatch-api, ...