SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack: https://t.co/OCgMRVXG7Y by The Hacker News #infosec #cybersecurity #technology #news
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack https://t.co/bKuoz9qqQA
👀 $0 GitHub Action ➔ $B security nightmare. In Nov 2024, a SpotBugs maintainer accidentally leaked a GitHub access token. ⚡ Attackers exploited it—moving from SpotBugs ➔ reviewdog ➔ poisoning tj-actions/changed-files—before striking Coinbase in March 2025. ➡️ Details https://t.co/lYTurYkQGi
GitHub has expanded its security tools following a supply chain attack that resulted in the leak of 39 million secrets. The incident, traced back to a compromised SpotBugs access token, allowed attackers to exploit weaknesses within the GitHub ecosystem. The breach began when a SpotBugs maintainer inadvertently leaked a GitHub access token in November 2024. Attackers subsequently moved through various tools, including reviewdog, and ultimately targeted Coinbase in March 2025. The attack highlights the risks of poor access-token management and the importance of robust security controls in software development environments.