Tag: Secrets

  • GhostAction: The Supply Chain Attack That Stole 3,325 GitHub Secrets

    The GhostAction attack stands as one of the most significant compromises of the GitHub ecosystem in recent years. Researchers at GitGuardian uncovered a sweeping campaign in which threat actors injected malicious workflow files into repositories. Through these tampered scripts, the attackers exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens, as well as cloud service…

  • TOTP in the Clear: Proton Authenticator’s Privacy Misstep on iOS

    Proton, a company renowned for its commitment to privacy and security, made an unfortunate misstep in its latest offering—Proton Authenticator, a two-factor authentication app. In the iOS version, users’ TOTP secrets—used to generate one-time codes—were logged in plaintext. This meant that any exported logs could potentially expose access to all linked 2FA accounts—including, as it…