DomainTools | Breaking Badness Cybersecurity Podcast - 190. The Weak Security Default in Our Stars

The report describes two recent security issues: attackers leveraged a Squarespace migration/account-signup weakness to hijack domains for multiple DeFi sites (risking credential theft, drive-by malware, or fund theft) and JFrog researchers discovered a leaked GitHub admin token in a public Docker image that could have enabled code injection into PyPI; the PyPI token was rapidly revoked and no exploitation was reported at the time.