Bleeping Computer

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, ...
Bleeping Computer

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts ...
Dark Reading

Exposed Travis CI API Leaves All Free-Tier Users Open to Attack

A security flaw in the Travis CI API has left tens of thousands of developers' user tokens and other sensitive information exposed to attack, as threat actors could use the credentials to wage attacks ...
ZDNet

CI build logs continue to expose company secrets

Security researchers are still finding secrets hidden deep inside continuous integration services, years after the issue become common knowledge. Continuous integration (CI) is a coding methodology ...