
Expired Credentials That Still Work: The Zombie Key Problem (NHI Kill Chain #5)
Secret scanning alert: Resolved. Credential status: Active. Deleting a secret from code is not the same as revoking it. Inside the Zombie Key kill chain.



Aqua Security's Trivy was compromised by TeamPCP, cascading into LiteLLM. A 7-phase Cyber Kill Chain and MITRE ATT&CK analysis of how incomplete credential rotation turned a single breach into a five-ecosystem catastrophe.


Attackers exploited a GitHub Actions vulnerability to compromise the Nx package. Analysis of the attack chain, who was affected, and how to detect similar threats.


We found live API keys in 0.45% of public Vercel deployments. AWS credentials, Stripe secrets, GitHub tokens. Here is what exposes them (NEXT_PUBLIC_ misuse is only one), how attackers chain a single key into full cloud compromise, and what to change in your setup this week.


Vigilant Ally: Helping Developers Secure GitHub Secrets
