SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
TechRadar

Thousands of cloud credentials stolen from exposed Git config files

Hackers have stolen tens of thousands of cloud account credentials, by abusing exposed Git configuration files, experts have claimed. Git configuration files are where Git saves different preferences ...
SiliconANGLE

Pulumi enhances cloud security with automated secrets rotation and new GitHub integration

Infrastructure-as-code provider Pulumi Corp. today announced four product enhancements that are designed to improve security, streamline automation and provide greater control over cloud resources.
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Many enterprises use GitHub Action Secrets to store and protect sensitive information such as credentials, API keys, and tokens used in CI/CD workflows. These private repositories are widely assumed ...