Threat actors have recognized how to abuse weak links in the software supply chain to support both targeted and indiscriminate campaigns. Exposed secrets remain a top challenge The exposure of digital authentication credentials (‘secrets’) such as login credentials, API tokens, and encryption keys, is a significant target for malicious actors and was a major challenge in 2023.
Source: Help Net Security