Hackers ramp up scans for leaked Git tokens and secrets

To mitigate the risks that arise from these scans, it is recommended to block access to .git/ directories, configure web servers to prevent access to hidden files, monitor server logs for suspicious .git/config access, and rotate potentially exposed credentials. Stealing credentials, API keys, SSH private keys, or even accessing internal-only URLs allows the threat actors to access confidential data, craft tailored attacks, and hijack privileged accounts. Git configuration files are configuration files for Git projects that can include branch information, remote repository URLs, hooks and automation scripts, and most importantly, account credentials and access tokens. In October 2024, Sysdig reported about a large-scale operation named "EmeraldWhale" which scanned for exposed Git config files, snatching 15,000 cloud account credentials from thousands of private repositories. Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. In a new report from threat monitoring firm GreyNoise, researchers have recorded a massive spike in searches for exposed Git configs between April 20-21, 2025. This is the exact method that the threat actors used to breach Internet Archive's "The Wayback Machine" in October 2024, and then maintain their foothold despite the owner's efforts to thwart the attacks. Developers or companies deploy web applications without correctly excluding .git/ directories from public access, inadvertently exposing these files to anyone. Scanning for those files is a standard reconnaissance activity that provides numerous opportunities for threat actors. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. If web server access logs show unauthorized access to Git configs, any credentials stored within them should be rotated immediately.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 29 Apr 2025 19:05:06 +0000

Cyber News related to Hackers ramp up scans for leaked Git tokens and secrets

You Don't Know Where Your Secrets Are - Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, ...
2 years ago Thehackernews.com

Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
1 year ago Securityboulevard.com

Over 12 million auth secrets and keys leaked on GitHub in 2023 - GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. The exposed secrets include account passwords, API keys, ...
1 year ago Bleepingcomputer.com

Hackers ramp up scans for leaked Git tokens and secrets - To mitigate the risks that arise from these scans, it is recommended to block access to .git/ directories, configure web servers to prevent access to hidden files, monitor server logs for suspicious .git/config access, and rotate potentially exposed ...
1 week ago Bleepingcomputer.com Snatch

GitGuardian Report: 70% of Leaked Secrets Remain Active for Two Years, Urging Immediate Remediation - GitGuardian, the security leader behind GitHub’s most installed application, today released its comprehensive “2025 State of Secrets Sprawl Report,” revealing a widespread and persistent security crisis that threatens organizations ...
2 months ago Cybersecuritynews.com

Honeytokens for Peace Of Mind - If you have been tackling the realities of secrets sprawl, getting a handle on all the hardcoded credentials in your organization, then we understand the stress and the restless nights that can bring. Even a small team can add hundreds of secrets a ...
1 year ago Feeds.dzone.com

CVE-2020-11008 - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open ...
4 years ago

GitHub expands security tools after 39 million secrets leaked in 2024 - Standalone Secret Protection and Code Security – Now available as separate products, these tools no longer require a full GitHub Advanced Security license, making them more affordable for smaller teams. GitHub announced updates to its Advanced ...
1 month ago Bleepingcomputer.com

CVE-2022-24765 - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder ...
1 year ago

Why Tokens Are Like Gold for Opportunistic Threat Actors - COMMENTARY. Authentication tokens aren't actual physical tokens, of course. Authentication tokens are an important part of cybersecurity. Which means that anyone with a token has a gold key to corporate systems - without requiring a multifactor ...
11 months ago Darkreading.com

Critical Git vulnerability allows RCE when cloning repositories with submodules - Git is a widely-popular distributed version control system for collaborative software development. It can be installed on machines running Windows, macOS, Linux, and various *BSD distributions. Web-based software development platforms GitHub and ...
11 months ago Helpnetsecurity.com CVE-2024-32002 CVE-2024-32465 CVE-2024-32020 CVE-2024-32021 CVE-2024-32004

Privileged Access Management for DevOps - Recently, KuppingerCole released the first edition of its Leadership Compass for Privileged Access Management for DevOps. The KuppingerCole report recognizes the unique and complex challenges that exist in DevOps and other dynamic environments. The ...
2 years ago Beyondtrust.com Patchwork

Major Organizations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - AI cybersecurity startup Lasso has discovered more than 1,600 valid Hugging Face API tokens exposed in code repositories, providing access to hundreds of organizations' accounts. Leaked secrets, such as tokens, have long been the focus of ...
1 year ago Securityweek.com

CVE-2022-24826 - On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does ...
3 years ago

CVE-2024-45405 - `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` ...
8 months ago

CVE-2021-23632 - All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js ...
3 years ago

new detectors, your favorite features, and what's coming next in GitGuardian - GitGuardian Secrets Detection More detectors = more secrets caught. Every detector has its comprehensive ID card in the public documentation, outlining the secret type, its intended usage and scope, and detailed steps for revocation. If you haven't ...
1 year ago Securityboulevard.com

Meta AI Models Cracked Open With Exposed API Tokens - Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model repositories in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate ...
1 year ago Darkreading.com

The Secret Weakness Execs Are Overlooking: Non-Human Identities - By shifting our focus to secrets security and adopting a comprehensive approach that includes robust detection, automated remediation, and integration with identity systems, organizations can significantly reduce their attack surface and bolster ...
7 months ago Thehackernews.com

Exposed Hugging Face API tokens jeopardized GenAI models - Lasso Security researchers discovered 1,681 Hugging Face API tokens exposed in code repositories, which left vendors such as Google, Meta, Microsoft and VMware open to potential supply chain attacks. In a blog post published Monday, Lasso Security ...
1 year ago Techtarget.com

CVE-2024-28236 - Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like `parameters`, `image` and `entrypoint` to inject secrets into a ...
1 year ago

Secure Your Secrets With.env - Using environment variables to store secrets instead of writing them directly into your code is one of the quickest and easiest ways to add a layer of protection to your projects. There are many ways to use them, but a properly utilized `.env` file ...
1 year ago Feeds.dzone.com Inception

Kubernetes Security: Sensitive Secrets Exposed - Cybersecurity researchers are warning of Kubernetes security issues amid the exposure of configuration secrets. Researchers believe that such attacks could be orchestrated using Kubernetes secrets exposed in public repositories as they allow access ...
1 year ago Securityboulevard.com

Entro Security Newest Competitor in 2024 'ASTORS' Awards Program - Secrets management and monitoring are crucial components of any security program. Entro is a holistic secret security platform designed specifically for security teams and CISOs. To ensure that doesn't happen, Entro offers an exclusive secrets ...
1 year ago Americansecuritytoday.com

CVE-2024-50338 - Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the ...
3 months ago Tenable.com

Hackers ramp up scans for leaked Git tokens and secrets

Cyber News related to Hackers ramp up scans for leaked Git tokens and secrets

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)