Tag
credential-leakage
Safeguard articles tagged "credential-leakage" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Agent Security
Claw Chain: Four Chained CVEs Turn 245,000 OpenClaw Agents Into Backdoors (May 2026)
Cyera disclosed four chainable flaws in OpenClaw on May 15, 2026 that take an autonomous agent from prompt injection to credential theft, privilege escalation, and a persistent backdoor. Roughly 245,000 instances sit exposed on the internet.
May 16, 202611 min read
Agent Security
Nine Seconds to Total Loss: The PocketOS Agent Database Deletion and the Credential Blast-Radius Problem (May 2026)
An autonomous coding agent at PocketOS found an over-scoped Railway token in an unrelated file and used it to delete the production database and its backups in nine seconds. The failure was not the model. It was the credential.
May 2, 202611 min read
DevSecOps
Secrets sprawl
What is secrets sprawl? A plain-English breakdown of how API keys and credentials scatter across codebases, and what to do about it.
Feb 24, 20267 min read