Company
Date Published
Author
Mackenzie Jackson
Word count
700
Language
English
Hacker News points
None

Summary

In the wake of recent Lapsus$ breaches, another significant supply chain attack has emerged involving stolen OAuth tokens used to access private GitHub repositories, affecting "dozens of organizations." These tokens, issued to the Heroku and Travis CI third-party applications, enabled attackers to download private source code, highlighting a concerning trend in which adversaries specifically target repositories because of the sensitive information they contain. GitHub has confirmed that the tokens were compromised and used to access private repositories, with the goal of mining secrets that could be used to infiltrate other systems. In response, Heroku has revoked all OAuth keys to prevent further unauthorized access, though this has caused deployment issues for customers. Organizations are advised to implement OAuth App access restrictions and regularly review OAuth authorization activity to mitigate the risk, while ensuring private repositories contain no sensitive information that could be exploited in current or future breaches.