CSOonline

AWS and Google Cloud command-line tools can expose secrets in CI/CD logs

Security researchers warn that certain commands executed in the AWS and Google Cloud command-line interfaces (CLIs) will return credentials and other secrets stored in environment variables as part of ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...