CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
Bleeping Computer

Sourcegraph website breached using leaked admin access token

AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th. An attacker used the leaked token on ...
Dark Reading

Meta AI Models Cracked Open With Exposed API Tokens

Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model (LLM) repositories, in a troubling demonstration of the supply chain risks ...
CSO Online

Open WebUI bug turns ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
Security Boulevard

What are Refresh Tokens? Complete Implementation Guide & Security Best Practices

Learn how refresh tokens work in enterprise SSO. This guide covers implementation, rotation, and security best practices for CIAM systems.