Secrets
GitHub expands security tools after 39 million secrets leaked in 2024
GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. In a new report by GitHub, the development company says the 39 million secrets were found through its secret scanning service, a security […]
Clone2Leak attacks exploit Git flaws to steal credentials
A set of three distinct but related attacks, dubbed ‘Clone2Leak,’ can leak credentials by exploiting how Git and its credential helpers handle authentication requests. The attack can compromise passwords and access tokens in GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager. The flaws that make ‘Clone2Leak’ possible were discovered by Japanese researcher RyotaK […]