News

InfoWorld2y
Public package repos expose thousands of API security tokens—and they’re active
Unlike the presence of a code vulnerability ... Google Cloud Platform, and Telegram API tokens are the most-leaked tokens (in that order). However, it seems that AWS developers are more vigilant ...
ZDNet6y
Over 100,000 GitHub repos have leaked API or cryptographic keys
Some companies have taken it upon themselves to scan GitHub and other code-sharing repositories for accidentaly exposed API keys, and revoke the tokens even before API key owners notice the leak ...
Bleeping Computer3y
GitHub can now auto-block commits containing API keys, auth tokens
GitHub has announced on Monday that it expanded its code hosting platform's secrets ... and it works with 69 token types (API keys, authentication tokens, access tokens, management certificates ...
Security Boulevard1d
What are the best practices for MCP security?
Introduction Modern applications are increasingly powered by large language models (LLMs) that don’t just generate text—they can call live APIs, query databases, and even trigger automated workflows.
TechCrunch1y
How a mistakenly published password exposed Mercedes-Benz source code
Mercedes spokesperson Katja Liesenfeld confirmed that the company “revoked the respective API token and removed the public repository immediately.” “We can confirm that internal source code ...
CSO Online12d
Supply chain attack hits RubyGems to steal Telegram API data
Threat actor exploits Fastlane plugin trust to redirect Telegram traffic via C2 server after Vietnam’s ban, targeting mobile ...
CSOonline10mon
Major GitHub repos leak access tokens putting code and clouds at risk
Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects ... or through the API while the workflow run is ...