This page collects WhisperX intelligence signals tagged #Secret Leak. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw in the SEC's GitHub Actions workflow, `pr-loop.yml`, creates a direct path for attackers to steal high-value API secrets, including the `ANTHROPIC_API_KEY` and `ALEXS_CODEX_KEY`. The vulnerability is a textbook 'pwn request' scenario, where the workflow's configuration grants it access to the r...
A critical security vulnerability in the widely-used `semantic-release` automation tool has been patched, addressing a flaw that could expose sensitive secrets like API tokens and passwords to unauthorized actors. The vulnerability, tracked as CVE-2022-31051 (GHSA-x2pg-mjhr-2m5x), was present in versions prior to 19.0....