GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.