10 matches found

Krebs on Security
added 2026/05/22 4:34 p.m., 8 views

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub accoun...

AI score: 5.9
Exploits: 0
Schneier on Security
added 2026/05/22 1:58 p.m., 5 views

CISA Security Leak

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...

AI score: 5.8
Exploits: 0
HackRead
added 2026/03/17 12:00 p.m., 2 views

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

New York, NY, 17th March 2026, CyberNewswire...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2025/10/29 12:00 a.m., 4 views

Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories

This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT (91.52%), GitHub Copilot (7.50%), Amazon CodeWhisperer (0.52%), and...

AI score: 7.1
Exploits: 0
Hacker One
added 2024/02/29 5:43 p.m., 3 views

Mars: sensitive data-creds for database - private key

The sensitive database credentials, including a username, password, and a private key, were discovered in a publicly accessible GitHub repository. The credentials were stored in plaintext within a configuration file, exposing them to anyone who could access the repository...

AI score: 6.8
Exploits: 0
MSRC
added 2023/09/18 7:00 a.m., 37 views

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL...

AI score: 7.2
Exploits: 0
The Hacker News
added 2023/05/23 11:16 a.m., 2 views

The Rising Threat of Secrets Sprawl and the Need for Action

The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. The report shows a 67%...

AI score: 6.8
Exploits: 0
OSV
added 2019/10/01 4:15 p.m., 0 views

CVE-2019-14957

The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...

CVSS: 5.3, AI score: 6.2
Exploits: 0, References: 1
Hacker One
added 2018/05/16 6:40 a.m., 43 views

Reverb.com: Api token exposed in Reverb.com's public github repository

An access token of a user account was available in a public github repo. The token was tied to an experimental project, and the account was only used for that project, so no sensitive information was able to be obtained...

AI score: 1.8
Exploits: 0
Kitploit
added 2017/07/25 2:29 p.m., 33 views

Hydra 8.6 - Fast and Flexible Network Login Hacker

A very fast network logon cracker which supports many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and Medusa. Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of...

AI score: 7.9
Exploits: 0, References: 1