Summary: New research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.
Threat Actor: LeakyCLI | LeakyCLI Victim: Organizations using AWS and Google Cloud CLI tools | AWS and Google Cloud CLI users
Key Point :
AWS and Google Cloud CLI commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions.…