GitHub Attack – branches sending secrets to webhook
A lot of repos are being under attack where branches are being created under the name [REDACTED] to trigger GH actions and send all secrets to a webhook website. This is new and here is an example:
[REDACTED]
Just search on github and you will see planty repos.
3 comments
[ 3.5 ms ] story [ 15.7 ms ] threadYou can see if your account is leaking by searching for any branches of that [REDACTED] name:
for repo in $(gh repo list YOUR_ACCOUNT --json name -q '.[].name'); do if gh api repos/YOUR_ACCOUNT/$repo/branches/REDACTED &>/dev/null; then echo " Found 'REDACTED' in: $repo" fi done