[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP96oP3D3HvAVkNzVuc5BAiHC2cSCWRAk4ABullWqwIE":3},{"article":4,"iocs":48},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":28,"category":29,"article_tags":32},"513bd818-2af1-4742-a516-07d116384e4b","Your YAML files hold more credentials than most production servers.\n\nThe GhostAction campaign las...","your-yaml-files-hold-more-credentials-than-most-production-servers-the-ghostacti-12a3e6","Your YAML files hold more credentials than most production servers.\n\nThe GhostAction campaign last September hit 817 repos and stole 3,325 secrets this way. \n\nHackerBot-Claw followed in February, systematically scanning for pull_request_target misconfigs across public repos. https:\u002F\u002Ft.co\u002FqST2PB5II1","The GhostAction campaign exploited YAML file misconfigurations in GitHub repositories to steal over 3,300 secrets from 817 repos in September. A follow-up campaign, HackerBot-Claw, emerged in February targeting pull_request_target misconfigurations across public repositories. These attacks highlight the risk of storing credentials in configuration files and the vulnerability of open-source supply chains.","GhostAction campaign stole 3,325 secrets from 817 GitHub repos via YAML misconfiguration.",null,"https:\u002F\u002Fx.com\u002Felasticseclabs\u002Fstatus\u002F2049503978996518950","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHFNAfOXUAEN8ad.jpg","2026-04-29T15:00:01+00:00","2026-04-29T16:00:12.344143+00:00",8,[18,21,23,26],{"name":19,"type":20},"GhostAction","campaign",{"name":22,"type":20},"HackerBot-Claw",{"name":24,"type":25},"GitHub","technology",{"name":27,"type":25},"YAML","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":28,"icon":11,"name":30,"slug":31},"Supply Chain","supply-chain",[33,38,43],{"category":34},{"id":35,"icon":11,"name":36,"slug":37},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":39},{"id":40,"icon":11,"name":41,"slug":42},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":44},{"id":45,"icon":11,"name":46,"slug":47},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]