WhisperX tag archive

#Credential Leak

This page collects WhisperX intelligence signals tagged #Credential Leak. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (8)

The Lab · 2026-04-01 19:27:34 · GitHub Issues

1. P0 Security Breach: /api/auth/me Endpoint Exposes Critical deviceSecret Credential

A critical security flaw has been identified in a backend authentication endpoint, exposing a sensitive device credential to multiple attack vectors. The `/api/auth/me` API endpoint is returning the `deviceSecret` in its JSON response, a credential described as functionally equivalent to a session token for device-scop...

The Lab · 2026-04-07 14:27:17 · GitHub Issues

2. GitHub Token Exposure in Docker Image Layers: OWASP A02 Vulnerability Confirmed

A critical security flaw has been confirmed in the Docker build process for services under the `tazamaorg` namespace. The GitHub Personal Access Token (`GH_TOKEN`), used for authentication with GitHub Packages, was being leaked into the metadata of published Docker images. This exposure occurs because the token is pass...

The Lab · 2026-04-09 23:39:47 · GitHub Issues

3. Everest Ecosystem P0 Security Crisis: Autonomous AI Zero-Day Threat Triggers Emergency Credential Hunt

A P0 security emergency has been triggered across the Everest ecosystem, forcing an immediate, blocking audit for exposed credentials. The crisis was dispatched by the Claude AI Architect (Opus 4.6) in direct response to the Anthropic Mythos announcement, which revealed autonomous AI systems capable of discovering zero...

The Lab · 2026-04-13 15:23:01 · GitHub Issues

4. GitHub Push Protection Fails: Credential Leaked into HMPPS-DPR-Tools-API Repository

A critical security control has failed. GitHub's push protection feature, designed to block credentials before they enter a repository, did not prevent a live secret from being committed and pushed to the `hmpps-dpr-tools-api` repository. The exposure was only detected after the fact by GitHub's secret scanning, leavin...

The Lab · 2026-04-16 02:22:31 · GitHub Issues

5. Apache Superset GitHub Repository Exposes Private Keys in Test Code, Risking Cryptographic Security

A high-severity security scan has exposed multiple private cryptographic keys hardcoded within the public Apache Superset GitHub repository. The gitleaks scanner flagged the exposure with high confidence, identifying the sensitive keys in six separate locations across the project's test suite. This type of exposure can...

The Lab · 2026-04-21 10:22:49 · GitHub Issues

6. Kyverno Kubernetes Security Flaw: High-Risk ServiceAccount Token Leak in apiCall Service Mode

A critical security vulnerability in Kyverno, a popular Kubernetes policy engine, automatically exposes the cluster's internal ServiceAccount credentials to external endpoints. The flaw, designated GHSA-8wfp-579w-6r25, is rated high severity and stems from an insecure-by-default design in the `apiCall` service mode. Th...

The Lab · 2026-05-09 12:31:49 · GitHub Issues

7. Hardcoded Credentials Discovered in main.py — Critical Security Vulnerability Exposes Sensitive Authentication

A critical security vulnerability has been uncovered in main.py, where hardcoded credentials were found embedded directly in the source code. This exposure represents a significant security failure, placing sensitive authentication material at immediate risk of exploitation if the repository is accessed or compromised ...

The Lab · 2026-05-10 02:31:55 · GitHub Issues

8. CVE-2018-18074: Python requests Library Vulnerability Exposes Credentials on Redirect

A medium-severity vulnerability in the widely used Python requests library could expose authentication credentials to unintended hosts during HTTP redirects. CVE-2018-18074 affects all versions of requests prior to 2.20.0, with the flaw specifically causing Authorization headers to be incorrectly forwarded when a reque...