https://www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials/

A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests.

The attack can compromise passwords and access tokens in GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager.