Author
Andrey Polkovnichenko, JFrog Security Researcher

Summary

The JFrog Security Research team uncovered a significant security threat when they discovered a leaked GitHub access token with administrative access to critical Python infrastructure repositories, including PyPI and the Python Software Foundation, in a public Docker container on Docker Hub. This discovery highlighted the severe potential consequences if the token had fallen into malicious hands, such as the possibility of a large-scale supply chain attack by injecting malicious code into Python packages or the language itself. The token was found in a compiled Python binary file, not in the source code, demonstrating the need for robust secrets detection that includes both source code and binary files. The incident was swiftly mitigated when JFrog reported the leak to PyPI, who revoked the token within 17 minutes, and an investigation showed no suspicious activity had occurred. This case underscores the importance of using modern, fine-grained tokens and the necessity of scanning beyond source code to include binaries in secrets detection. JFrog's ability to detect this leak was due to their comprehensive scanning methods, which analyze both text and binary files, enhancing the security of their software supply chain platform.
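The gap the summary describes, a secret that survives in a compiled `.pyc` after the source is gone, can be reproduced locally. The following is an added example (not JFrog's tooling or code from the original post): it compiles a constructed helper script containing a placeholder token of GitHub's classic `ghp_` shape, deletes the source as a container build might, and compares a text-only scanner that skips files containing NUL bytes (a common grep-style heuristic) against one that scans raw bytes.

```python
import os
import pathlib
import py_compile
import re
import tempfile

# Constructed placeholder, not a real credential: GitHub classic PATs are
# "gh" + one of p/o/u/s/r + "_" followed by 36 alphanumeric characters.
FAKE_TOKEN = "ghp_" + "A" * 36
TOKEN_RE = re.compile(rb"gh[pousr]_[A-Za-z0-9]{36}")


def scan_bytes(data: bytes) -> list[str]:
    """Return unique token-shaped matches found anywhere in raw bytes."""
    return sorted({m.decode("ascii") for m in TOKEN_RE.findall(data)})


def looks_binary(data: bytes) -> bool:
    """Heuristic many text-oriented scanners use: a NUL byte means 'binary, skip'."""
    return b"\x00" in data[:8192]


def text_only_scan(path: str) -> list[str]:
    """Scanner that only inspects files it classifies as text."""
    data = pathlib.Path(path).read_bytes()
    return [] if looks_binary(data) else scan_bytes(data)


def binary_aware_scan(path: str) -> list[str]:
    """Scanner that inspects every file as raw bytes, text or not."""
    return scan_bytes(pathlib.Path(path).read_bytes())


def demo() -> tuple[list[str], list[str], list[str]]:
    """Compile a helper with an embedded token, drop the .py, scan the .pyc."""
    with tempfile.TemporaryDirectory() as workdir:
        src = pathlib.Path(workdir) / "build_helper.py"  # constructed script
        src.write_text(f'TOKEN = "{FAKE_TOKEN}"\nprint("uploading with", TOKEN)\n')
        pyc = py_compile.compile(str(src), cfile=str(src.with_suffix(".pyc")))
        source_hits = text_only_scan(str(src))
        os.remove(src)  # only the compiled artifact is left in the image
        # The .pyc header contains NUL bytes, so the text-only scanner skips it;
        # marshal stores the str constant contiguously, so the byte scanner finds it.
        return source_hits, text_only_scan(pyc), binary_aware_scan(pyc)


if __name__ == "__main__":
    print(demo())  # prints ([FAKE_TOKEN], [], [FAKE_TOKEN])
```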