AI Giants Accidentally Leaking Secrets on GitHub

Research by Wiz shows that industry titans, with combined valuations exceeding $400 billion, have left the equivalent of ...
Security Boulevard

Scanning GitHub Gists for Secrets with Bring Your Own Source

Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots.
Business Wire

Intruder Introduces Autoswagger: The Free Tool To Expose Hidden API Authorization Flaws

LONDON--(BUSINESS WIRE)--Intruder, a leader in attack surface management, has launched Autoswagger—a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities.
Infosecurity-magazine.com

The Growing Threat of Broken Authentication Attacks on APIs

Application programming interfaces (APIs) are integral to the functionality of the internet today. By enabling communications between programs, they make many processes more efficient and convenient, ...

OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
Security Boulevard

When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us

Wallarm’s latest Q3 2025 API ThreatStats report reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving.  Malicious actors are shifting from code-level ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...