Benjamin Carr, Ph.D. 👨🏻💻🧬<p>Multiple high-profile <a href="https://hachyderm.io/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> projects, including those from <a href="https://hachyderm.io/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a>, <a href="https://hachyderm.io/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a>, <a href="https://hachyderm.io/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a>, and <a href="https://hachyderm.io/tags/RedHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedHat</span></a>, were found to leak <a href="https://hachyderm.io/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> authentication tokens through <a href="https://hachyderm.io/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> artifacts in CI/CD.<br><a href="https://hachyderm.io/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://hachyderm.io/tags/Unit42" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Unit42</span></a> found it affected:<br>Firebase<br>OpenSearch Security<br>Clair <br>JSON Schemas <br>TypeScript Repos Automation, TypeScript Bot Test Triggerer, Azure Draft <br>CycloneDX SBOM (OWASP)<br>Stockfish<br>Libevent<br>Guardian for Apache Kafka<br>Git Annex<br>Penrose<br>Deckhouse<br>Concrete-ML <br><a href="https://www.bleepingcomputer.com/news/security/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/</span></a></p>