A security engineer found over 17,000 exposed secrets in public GitLab repositories after scanning 5.6 million projects. The researcher used TruffleHog to identify sensitive data like API keys and tokens, discovering a higher secret density than previous scans on Bitbucket. Many organizations responded by revoking their compromised secrets.

Azure DevOps is implementing a change where newly generated OAuth client secrets will only be displayed once at creation, enhancing security and aligning with industry best practices. The Get Registration Secret API will also be retired to prevent misuse, and users must adapt their workflows accordingly before September 2, 2025.