Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
ID: bd96b1d0-eafc-52b3-9df5-0ce44859fec2
STIX ID: report--bd96b1d0-eafc-52b3-9df5-0ce44859fec2
Feed Name: Aqua Security Blog
Aqua's research found that employees' personal public GitHub repositories often contain exposed Kubernetes secrets and container registry tokens. In several cases these granted pull and push access to internal registries at Microsoft, Red Hat, Tigera and others, creating a significant supply-chain and data-leak risk. The issues were reported and the tokens revoked. The report recommends scanning, least-privilege scoped keys, secret expiration, anomaly detection, and encrypted secrets tooling.
