GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.