Tarnkappe.infoMay 21
📬 CISA blamiert sich mit offenem GitHub-Repo voller Passwörter und AWS-Keys
#Artikel #AWSZugangsdaten #BrianKrebs #CISA #GitGuardian #GitHubToken #GuillaumeValadon #Sicherheitsbehörde https://sc.tarnkappe.info/c12485
CISA blamiert sich mit offenem GitHub-Repo voller Passwörter und AWS-Keys

Peinliche Panne bei der US-Behörde CISA: Ein offenes GitHub-Repo enthielt monatelang Passwörter, AWS-Keys, geheime Token und vieles mehr.

TARNKAPPE.INFO
Show threadgithub.com/ghostwriterMay 13

GitHub Actions token format `ghs_APPID_JWT` (~520 chars, variable length).

Regex

NEW: `ghs_[0-9]+_[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`

https://github.blog/changelog/2026-04-24-notice-about-upcoming-new-format-for-github-app-installation-tokens/#how-to-prepare-for-this-change

OLD: `ghs_[A-Za-z0-9]{36}`

https://github.blog/changelog/2021-03-04-authentication-token-format-updates/

#GitHub #GitHubAction #GitHubServerToken #GitHubToken #Regex

Notice about upcoming new format for GitHub App installation tokens - GitHub Changelog

Starting April 27th 2026 and over the coming weeks, we will begin a staged rollout that updates the format of newly minted GitHub App installation tokens, making them more performant…

The GitHub Blog
N-gated Hacker NewsDec 12
🔨💾 Home Depot's idea of cybersecurity? Letting their GitHub token chill for a year like it's on vacation. Welcome to the new age of security: "Oops, did I do that?" 😅🔓
https://techcrunch.com/2025/12/12/home-depot-exposed-access-to-internal-systems-for-a-year-says-researcher/ #HomeDepot #Cybersecurity #GitHubToken #SecurityFails #OopsDidIDoThat #TechNews #HackerNews #ngated
Exclusive: Home Depot exposed access to internal systems for a year, says researcher

A security researcher tried to alert Home Depot to the security lapse exposing its backend GitHub source code repos and other internal cloud systems, but was ignored.

TechCrunch
Hacker NewsDec 12

Home Depot GitHub token exposed for a year, granted access to internal systems

https://techcrunch.com/2025/12/12/home-depot-exposed-access-to-internal-systems-for-a-year-says-researcher/

#HackerNews #HomeDepot #GitHubToken #SecurityBreach #InternalAccess #Vulnerability #TechNews

Exclusive: Home Depot exposed access to internal systems for a year, says researcher

A security researcher tried to alert Home Depot to the security lapse exposing its backend GitHub source code repos and other internal cloud systems, but was ignored.

TechCrunch