frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

GitHub Attack – branches sending secrets to webhook

6•danieldspx•9h ago
A lot of repos are being under attack where branches are being created under the name [REDACTED] to trigger GH actions and send all secrets to a webhook website. This is new and here is an example:

[REDACTED]

Just search on github and you will see planty repos.

Comments

danieldspx•8h ago
I redacted the names to avoid spreading and teaching people how to get other people's secrets. I am in contact with Github and will update here once they solve the issue.
patbuchanan•5h ago
We got hit. Cleaned up but still trying to find the origin. Assuming a VS Code plugin at this point that must have been poisoned. Have you found anything?

You can see if your account is leaking by searching for any branches of that [REDACTED] name:

for repo in $(gh repo list YOUR_ACCOUNT --json name -q '.[].name'); do if gh api repos/YOUR_ACCOUNT/$repo/branches/REDACTED &>/dev/null; then echo " Found 'REDACTED' in: $repo" fi done

Paid $2400 to Cloudflare, support refuses to help

117•thekonqueror•12h ago•21 comments

Aura – Detecting Fake Cell Towers with RF Fingerprinting AI

6•sadpig70•3h ago•0 comments

Ask HN: What Single File Web Apps do you know of?

4•calebm•6h ago•5 comments

How WASM DB and worker messaging helped me handle 500MB in 2s in browser

4•vinserello•11h ago•1 comments

What problems are worth solving?

6•KopyWasTaken•7h ago•2 comments

C++ ranges/views vs. Rust iterator

2•bijan7•8h ago•1 comments

Mirai Variant "Gayfemboy" Infecting 15K+ Devices Daily – Mitigation Ideas?

7•garduno_AA•9h ago•3 comments

GitHub Attack – branches sending secrets to webhook

6•danieldspx•9h ago•2 comments

Ask HN: What's a good 3D Printer for sub $1000?

5•lucideng•11h ago•4 comments

Ask HN: Does anyone have any screenshots of fucked company?

3•iamflimflam1•12h ago•4 comments

Cloudflare Security Mistriages on Account Takeover

4•matured_kazama•13h ago•0 comments

Ask HN: Costs for US sales tax compliance for a two-sided marketplace

3•throway-9998888•16h ago•1 comments

Google Ends Support for Lynx Browser

102•zhenyi•5d ago•43 comments

Ask HN: Getting over Burnout with Imposter Syndrome

20•chrsig•2d ago•5 comments

Git Without Stash/Tags

3•birb07•1d ago•5 comments

Lost $300 due to an API key leak from "vibe coding" – Learn from my mistake

4•liulanggoukk•1d ago•11 comments

Ask HN: Who wants to be hired? (September 2025)

124•whoishiring•2w ago•390 comments

You've reached the end!