How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they...

Homebrew: GitHub API Key for BrewTestBot is publicly exposed

Hello! While browsing through some old reports, I found that https://jenkins.brew.sh was publicly accessible. I got curious when I saw one of the brew bottle builds doing a git push to BrewTestBot/homebrew-core, and wondered if the credentials to make authenticated pushes were accessible. Sure...