Large-scale secrets detection in JavaScript bundles reveals exposed tokens
Technical Analysis
Summary
Large-scale scanning of roughly 5 million applications found more than 42,000 tokens embedded in JavaScript bundles, showing that existing secret-detection tooling misses a major leak surface in single-page applications (SPAs): a bundle is served to every visitor, so any credential compiled into it is effectively public. The findings matter because leaked repository credentials, webhooks, and API keys can give direct access to production systems and downstream services. The research also shows that spidering the SPA itself, following the bundles and lazily loaded chunks that the entry page references, is needed to close the detection gap left by common vulnerability scanners, DAST tools, and SAST workflows.
Related Happenings
GitHub data exposed after GitHub breach
Data Leak
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub internal repositories private-code leak claim
Data Leak
First: 20.05.2026 08:08
Last: 20.05.2026 08:08
Sources 1
About this happening:
GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
Latest development: 21.05.2026 17:45
A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
Shai-Hulud public GitHub repository credential exposure
Data Leak
First: 18.05.2026 20:28
Last: 18.05.2026 20:28
Sources 1
About this happening:
**Shai-Hulud** stole **developer credentials** that were later exposed in **public GitHub repositories**, turning a theft phase into a public leak of access data. The exposed mate...
Anthropic Claude Code source code leak from NPM release
Data Leak
First: 01.04.2026 03:32
Last: 01.04.2026 03:32
Sources 1
About this happening:
Anthropic **mistakenly exposed** proprietary **Claude Code** source code through a **NPM** release, allowing the codebase to be reconstructed and spread online. The leak involved...
Latest development: 02.04.2026 23:30
Threat actors are using fake GitHub repositories to exploit the Claude Code source code leak and lure users searching for leaked Claude Code into downloading a 7-Zip archive that launches ClaudeCode_x64.exe and drops Vidar and GhostSocks; Zscaler says the bogus repository is SEO-optimized for Google Search queries like “leaked Claude Code.”
SmartLoader trojanized Oura MCP Server delivery of StealC
Malware Activity
First: 17.02.2026 14:42
Last: 17.02.2026 14:42
Sources 1
About this happening:
The **SmartLoader** operation is now distributing a **trojanized Oura MCP Server** to drop **StealC**, creating a supply-chain path to steal developer secrets. The rogue package i...
Timeline
20.01.2026 12:45 3 articles · 4mo ago
Intruder reports JavaScript bundle secrets detection findings
Technical Analysis Update
Intruder describes a new secrets-detection method aimed at gaps in traditional vulnerability scanners, DAST tools, and SAST workflows for single-page applications. The research scanned approximately 5 million applications and found over 42,000 exposed tokens across 334 secret types, including active code-repository tokens and webhooks, showing that secrets embedded in JavaScript bundles can pass through common defenses undetected and ship to production.
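The summary above and this timeline entry both describe the same gap: a scanner that only looks at the HTML entry page, or only at source before the build, never sees the credentials that end up in the compiled bundles and in chunks that are loaded lazily at runtime. The following is an added example written for this page, not Intruder's tool and not code from either article. It spiders an SPA from its entry URL in the way the research calls for (follow every `<script src>`, then every dynamic `import("...")` inside each bundle, staying on the target origin) and scans each fetched file for a small set of token patterns. The fetch function is injected so the example runs offline against constructed fixtures; the site URLs, the fixture bundles, the `FIXTURE_SITE` and `runExample` names, and the exact token formats (GitHub classic tokens, Slack incoming webhooks, AWS access key IDs) are all assumptions made for the example.

```javascript
// Added example, not Intruder's scanner: a minimal single-page-app spider that
// follows script references from an entry page into its bundles (including
// lazily loaded chunks) and scans every fetched file for secret patterns.
// The patterns are an illustrative subset; their exact formats are assumed here.
const SECRET_PATTERNS = [
  // GitHub classic tokens: ghp_/gho_/ghu_/ghs_ prefix followed by 36 characters
  { type: 'github_token', re: /\bgh[pous]_[A-Za-z0-9]{36}\b/g },
  // Slack incoming webhook URL
  { type: 'slack_webhook', re: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9]{8,12}\/B[A-Z0-9]{8,12}\/[A-Za-z0-9]{20,30}/g },
  // AWS access key ID (the matching secret key usually sits nearby in the bundle)
  { type: 'aws_access_key_id', re: /\bAKIA[0-9A-Z]{16}\b/g },
];

// Pull <script src="..."> references out of an HTML document.
function extractScriptSrcs(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Pull lazily loaded chunk references, i.e. dynamic import("..."), out of a bundle.
function extractChunkRefs(js) {
  const out = [];
  const re = /\bimport\(\s*["']([^"']+)["']\s*\)/g;
  let m;
  while ((m = re.exec(js)) !== null) out.push(m[1]);
  return out;
}

// Scan one file; returns [{type, match, url}] with exact duplicates removed.
function scanText(url, text) {
  const seen = new Set();
  const findings = [];
  for (const { type, re } of SECRET_PATTERNS) {
    re.lastIndex = 0; // global regexes keep state between calls
    let m;
    while ((m = re.exec(text)) !== null) {
      const key = type + ':' + m[0];
      if (seen.has(key)) continue;
      seen.add(key);
      findings.push({ type, match: m[0], url });
    }
  }
  return findings;
}

// Breadth-first spider from the entry URL. fetchText(url) returns the body as a
// string or null; it is injected so the example runs offline and can be swapped
// for a real HTTP client. Only same-origin references are followed, and a
// visited set prevents re-fetching and cycles between chunks.
function spiderAndScan(entryUrl, fetchText) {
  const origin = new URL(entryUrl).origin;
  const queue = [entryUrl];
  const visited = new Set();
  const findings = [];
  while (queue.length) {
    const url = queue.shift();
    if (visited.has(url)) continue;
    visited.add(url);
    const body = fetchText(url);
    if (body === null) continue;
    findings.push(...scanText(url, body));
    const refs = [...extractScriptSrcs(body), ...extractChunkRefs(body)];
    for (const ref of refs) {
      const resolved = new URL(ref, url).href; // resolve relative to the file that referenced it
      if (new URL(resolved).origin === origin && !visited.has(resolved)) queue.push(resolved);
    }
  }
  return { findings, visited: [...visited] };
}

// Constructed fixtures standing in for a deployed SPA (assumed URLs, fake tokens).
// The chunk holding the GitHub token and webhook is only reachable through a
// dynamic import in the main bundle, which is exactly what an HTML-only crawl misses.
const FIXTURE_SITE = {
  'https://app.example.test/':
    '<!doctype html><html><head><script src="/static/js/main.abc123.js"></script>' +
    '<script src="https://cdn.example.net/vendor.js"></script></head><body><div id="root"></div></body></html>',
  'https://app.example.test/static/js/main.abc123.js':
    '(()=>{const s=()=>import("./settings.chunk.js");const k="AKIAIOSFODNN7EXAMPLE";window.__k=k;})();',
  'https://app.example.test/static/js/settings.chunk.js':
    'const GH="ghp_0123456789abcdefghijklmnopqrstuvwxyz";' +
    'fetch("https://hooks.slack.com/services/T00000000/B00000000/' + 'X'.repeat(24) + '",{method:"POST"});',
  'https://cdn.example.net/vendor.js': 'const GH="ghp_0123456789abcdefghijklmnopqrstuvwxyz";', // off-origin, not followed
};

function runExample() {
  const fetchText = (url) => (url in FIXTURE_SITE ? FIXTURE_SITE[url] : null);
  return spiderAndScan('https://app.example.test/', fetchText);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runExample(), null, 2));
}
```

Against the fixtures the spider visits the entry page, the main bundle and the settings chunk, skips the third-party CDN script, and reports three findings: the AWS key ID in the main bundle and the GitHub token and Slack webhook in the chunk that is only referenced by a dynamic import. Two caveats for real use: minifiers and string concatenation can split a token across literals, and webpack-style builds often list chunk names in a lookup table rather than in a literal `import("...")`, so a production spider needs a bundler-aware chunk resolver and more than fixed regexes (entropy checks, provider-specific validation) to keep the false-negative rate down.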
Sources
- Why Secrets in JavaScript Bundles are Still Being Missed — thehackernews.com — 20.01.2026 12:45
- What 5 Million Apps Revealed About Secrets in JavaScript — www.bleepingcomputer.com — 17.02.2026 16:40