Anyone can Access Deleted and Private Repository Data on GitHub
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
weeklyfoo #43 / 2024-07-29Do not use secrets in environment variables and here's how to do it better
We developers are well too fond of using environment variables to set application configuration and often use it to store secrets and other sensitive information.
weeklyfoo #54 / 2024-10-14Stealing credentials via polymorphic Chrome Extension
A few days ago, I came across new research explaining a novel cybersecurity attack via polymorphic Chrome Extension. After watching the demo video, I was curious to understand how exactly it could be implemented and decided to spend some time recreating it.
weeklyfoo #81 / 2025-04-21