The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...
Bleeping Computer

Clone2Leak attacks exploit Git flaws to steal credentials

A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. The attack can compromise ...
TechRadar

Exposed AWS credentials stolen within minutes by Github hackers

GitHub has a unique security feature - it scans the code for exposed Amazon Web Services (AWS) keys (among other things) and if it finds them, it reports them to AWS which can act to prevent misuse - ...
TechRadar

This worrying Git flaw could lead to users leaking credentials

Security researcher finds related attacks and dubbed them Clone2Leak This allowed threat actors to leak credentials through Git's credential helper Patches are already available, so update now A ...
Bleeping Computer

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe ...