API keys got you here. They won’t get you where you’re going. OAuth isn’t a future upgrade. It’s the foundation your agents should have been built on from the start.
Two Malicious npm Packages Aim to Steal Credentials and Other Secrets
Bad actors took over a npm maintainer account and have published two malicious packages designed to steal credentials, API keys, and other secrets from the computers of victims who download them from the repository. Analysts with Sonatype’s Security Research Team wrote in a report that the two packages – sbx-mask and touch-adv – likely are […]
Don’t Look at This! IT’S A SECRET!
To continue the discussion about secrets after perusing this excellent report by GitGuardian—last time I went a little nuts about the number of secrets exposed in IT folks’ personal repositories. And it is a lot. I mean a lot of secrets. But you know what is scarier than, “A lot of secrets are leaked in […]