Tag: API Keys

Two Malicious npm Packages Aim to Steal Credentials and Other Secrets

Jeff Burt | March 23, 2026 | API Keys, CI/CD pipelines, credential theft, Data Exfiltration, exposed secrets, GitHub repositories, maintainer account, malicious npm packages, sonatype

Bad actors took over a npm maintainer account and have published two malicious packages designed to steal credentials, API keys, and other secrets from the computers of victims who download them from ...

Don’t Look at This! IT’S A SECRET!

Don Macvittie | July 20, 2021 | API Keys, automation, AWS, Git Guardian, github, Secrets

To continue the discussion about secrets after perusing this excellent report by GitGuardian—last time I went a little nuts about the number of secrets exposed in IT folks' personal repositories. And it ...