A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...

On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with ...

The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI assistants.

Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key.

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.

Runloop, the only enterprise-grade infrastructure platform that enables the development, evaluation and scalable deployment of AI coding agents, today announced the launch of Repository Connect. This ...

CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote ...

GitHub has announced it will be bringing its secret scanning capability to more users in a bid to help public repository admins detect leaked secrets in their repositories before a breach happens.

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely.