IT之家 8 月 16 日消息，派拓网络（Palo Alto Networks）旗下安全部门 Unit 42 于 8 月 13 日发布报告，表示托管在 GitHub 上的很多热门开源项目存在身份认证授权令牌（Auth tokens）泄露问题，让整个项目面临数据被盗和篡改植入恶意代码等风险。 Unit 42 部门发现包括谷歌 ...

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant introduces several critical capabilities that represent a fundamental shift ...

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...