DDoSecrets
-
GhostAction: GitHub supply-chain attack exposes 3,325 secrets across hundreds of repositories
Researchers say a GitHub supply-chain campaign named GhostAction stole about 3,325 secrets across PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys, by compromising maintainer accounts to inject malicious GitHub Actions workflows that exfiltrate secrets to an attacker-controlled endpoint.
-
9GB Data Leak From Alleged North Korean Hacker Surfaces at DEF CON
Two hackers released a 9GB archive reportedly from a North Korean operator during DEF CON, with the material—including logs, credentials, and scripts—made available via DDoSecrets and published on Phrack; the data has been indexed and deemed authentic by researchers, though attribution remains uncertain.
