GitHub’s secret scanning now includes built‑in validators for MongoDB, Meta (Facebook), and multiple Microsoft Azure token types, expanding the service’s ability to tell you not just that a secret was leaked but whether that secret is still usable — a capability that meaningfully changes how...
A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...