
GitLab Cloud public repositories secret exposure

Data Leak
Happening score: 26
1 unique source, 1 article

Summary


A scan of 5.6 million public GitLab Cloud repositories uncovered 17,430 verified live secrets, creating a large-scale credential exposure risk across 2,804 unique domains. The exposed material included API keys, passwords, tokens, and other high-value cloud credentials. Some secrets dated back to 2009 and were still valid. Many organizations revoked exposed credentials after notification, but some secrets remained live.

Related Happenings

Congress demands CISA answers on GitHub credential leak

Public Sector Action
First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication

Technical Analysis
First: 21.05.2026 23:07 Last: 21.05.2026 23:07 Sources 1

About this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...

CISA contractor GitHub repository exposed internal credentials

Data Leak
First: 18.05.2026 23:48 Last: 18.05.2026 23:48 Sources 1

About this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...

Latest development: 22.05.2026 19:34

On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

Moltbook Supabase database exposure

Data Leak
First: 08.02.2026 09:32 Last: 08.02.2026 09:32 Sources 1

About this happening: A **misconfigured Supabase database** exposed **Moltbook** data, putting **API authentication tokens**, **email addresses**, and **private messages** at risk of unauthorized acces...

Docker Hub container images leaking secrets across more than 100 organizations

Data Leak
First: 04.02.2026 17:05 Last: 04.02.2026 17:05 Sources 1

About this happening: Researchers uncovered **more than 10,000 Docker Hub container images** leaking **production API keys, cloud tokens, CI/CD credentials, and AI model access tokens**, putting secret...

Timeline

  1. 28.11.2025 19:43 2 articles · 6mo ago

    Public GitLab Cloud repository secret scan and disclosure

    Initial Disclosure

    Luke Marshall used a GitLab public API endpoint and a custom Python script to enumerate every public GitLab Cloud repository, pushed 5.6 million non-duplicate repository names through AWS Simple Queue Service (SQS), and ran TruffleHog in AWS Lambda with concurrency set to 1000. The scan completed in just over 24 hours for $770 and identified 17,430 verified live secrets across 2,804 unique domains, including over 5,200 Google Cloud Platform (GCP) credentials and a little over 400 GitLab keys. Automated notifications were sent to affected parties, many organizations revoked exposed secrets, and some secrets remained live on GitLab.
