AI coding assistants twice as likely to leak secrets, as overall leaks rise 34%

Overview

A significant rise in hardcoded secrets found in public GitHub commits has raised concerns among cybersecurity experts. In 2025, researchers identified 28.65 million instances of sensitive data, such as API keys and passwords, embedded directly in code. The alarming trend shows that AI coding assistants are twice as likely to contribute to these leaks compared to traditional coding methods. This increase in exposed secrets, which rose by 34% from previous years, poses a serious risk to organizations, potentially leading to unauthorized access and data breaches. Companies and developers must be vigilant in managing their code and ensuring that sensitive information is not inadvertently shared in public repositories.

Key Takeaways

  • Affected Systems: GitHub repositories, AI coding assistants
  • Action Required: Developers should avoid hardcoding secrets in their code and use environment variables or secret management tools instead.
  • Timeline: Newly disclosed

Original Article Summary

A total of 28.65 million hardcoded secrets were found in public GitHub commits in 2025.

Impact

GitHub repositories, AI coding assistants

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Developers should avoid hardcoding secrets in their code and use environment variables or secret management tools instead.
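As an added example (not code from the original article), a small Python scanner of the kind a pre-commit hook or CI job runs to catch the hardcoded secrets this article counts, placed beside the corrected environment-variable pattern. The credential regexes, the entropy threshold and the sample lines are constructed and illustrative, not exhaustive.

```python
import math
import os
import re

# Representative credential formats (assumption: illustrative, not exhaustive).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # Generic "key = '...'" assignments; group 2 captures the quoted value.
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
    ),
}

def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking secrets score high, dictionary words low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_lines(lines, min_entropy=3.0):
    """Return (line_no, kind, value) for each likely hardcoded secret.
    Generic assignments are reported only when the value looks random, which
    drops placeholders like 'changeme' while keeping real-looking credentials."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for kind, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(m.lastindex or 0)
                if kind == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue
                findings.append((no, kind, value))
    return findings

def load_secret(name: str) -> str:
    """Corrected pattern: fetch the secret at runtime from the environment
    (populated by a secrets manager or CI) instead of committing it."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; inject it via the environment")
    return value

# Constructed sample: three hardcoded secrets, one placeholder, one correct line.
SAMPLE = [
    'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',                      # AWS documentation example key
    'gh_token = "ghp_0123456789abcdefghijABCDEFGHIJ012345"',  # constructed token shape
    'password = "s3cr3t-Xy9!Qz2mLp8vW"',                      # high-entropy literal
    'password = "changemechangeme"',                          # placeholder, low entropy
    'password = os.environ["DB_PASSWORD"]',                   # corrected: no literal
]

if __name__ == "__main__":
    for no, kind, value in scan_lines(SAMPLE):
        print(f"line {no}: {kind} -> {value[:8]}...")  # never echo the full secret
```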

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

New “Darksword” iOS exploit used in infostealer attack on iPhones

BleepingComputer

A new exploit kit called 'Darksword' is being used to target iPhones, particularly affecting users of cryptocurrency wallet applications. This exploit allows attackers to steal various personal information from compromised devices. The existence of Darksword raises significant concerns, especially for those who handle sensitive financial data on their mobile devices. As users increasingly rely on their phones for managing cryptocurrencies, the risk of falling victim to such attacks is growing. It’s crucial for iPhone users to stay vigilant and ensure their devices are updated to protect against these vulnerabilities.

Mar 18, 2026

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

The Hacker News

Cybersecurity researchers have identified nine significant vulnerabilities in low-cost IP KVM devices from four vendors: GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. These flaws can allow unauthorized users to gain root access, giving them extensive control over affected systems. The most critical vulnerabilities could enable attackers to execute commands and manipulate the devices without authentication. This poses a serious risk, especially for organizations relying on these devices for remote management of their IT infrastructure. Users of these products are urged to take immediate action to secure their systems and monitor for any suspicious activity.

Mar 18, 2026

Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats

Infosecurity Magazine

Researchers have identified a new version of the Vidar Stealer malware, known as Vidar 2.0, which is being distributed through fake game cheats on platforms like GitHub and Reddit. This malware targets users looking for free cheats for popular games, tricking them into downloading malicious software instead. Once installed, Vidar 2.0 can steal sensitive information, including passwords, credit card details, and other personal data. This method of delivery raises concerns as it exploits trusted platforms, making it harder for users to recognize the threat. Gamers and users of these platforms should be particularly cautious when downloading software that claims to be free game cheats, as it could lead to serious security breaches.

Mar 18, 2026

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Securelist

Kaspersky's Security Operations Center has identified a new Horabot campaign targeting users in Mexico. This campaign involves sophisticated tactics that aim to compromise systems and steal sensitive information. Researchers have provided insights into how the attack is carried out, which can help security teams identify and respond to the threat effectively. The focus on Mexico suggests that local businesses and individuals may be particularly vulnerable, highlighting the need for increased awareness and protective measures. Understanding the methods used in this campaign can assist in preventing future attacks and safeguarding valuable data.

Mar 18, 2026

Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch

SecurityWeek

A security researcher has discovered a vulnerability in WhatsApp that allows users to bypass the app's 'View Once' feature, which is designed to make images and videos disappear after being viewed. This issue arises from the use of a modified client application, and Meta, the parent company of WhatsApp, has stated it will not release a patch for this vulnerability. The decision not to address the flaw raises concerns about user privacy, as it undermines the security feature intended to protect sensitive media. Users who rely on this feature for confidential communications may be at risk of having their private content saved and shared without consent. The vulnerability's existence highlights the potential for modified applications to exploit weaknesses in popular messaging platforms.

Mar 18, 2026

AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner

Infosecurity Magazine

According to a recent report by Gartner, security teams should prioritize their involvement in artificial intelligence (AI) projects to prevent expensive incident response efforts in the future. The research suggests that by 2028, AI-related issues will account for half of all incident response activities. This shift highlights the growing intersection between cybersecurity and AI, emphasizing that companies need to integrate security considerations from the outset of AI development. Failing to do so could lead to significant vulnerabilities and costly breaches. As AI technology becomes more prevalent in various sectors, understanding its risks and preparing for potential security incidents will be crucial for organizations.

Mar 18, 2026