diff --git a/.2ms.yml b/.2ms.yml
index ab55d19d..55c69746 100644
--- a/.2ms.yml
+++ b/.2ms.yml
@@ -1388,4 +1388,6 @@ ignore-result:
- 0ee50cf76ca12b4b03bfb8f233527d846965ae8a # unit test from generic_credential_test.go (remove later)
- 1ab798f14ecce9ea8a9229803c33f06e0093306a # unit test from generic_credential_test.go (remove later)
- 4154ccf54f5d43a54103495dcf0e228353dc02f4 # unit test from generic_credential_test.go (remove later)
-- 783d3aa8f0e14f6d1527879bbcb3ae6195134b33 # unit test from generic_credential_test.go (remove later)
\ No newline at end of file
+- 783d3aa8f0e14f6d1527879bbcb3ae6195134b33 # unit test from generic_credential_test.go (remove later)
+- 4b68fb6117b9245a27ff07671dbad3b7734ad9f3 # unit test from generic_credential_test.go
+- de0438bff48b729dad27525d63839271790dca00 # unit test from generic_credential_test.go
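Review bot: The two ignore-result entries added at the end of the list drop the `(remove later)` marker that every neighbouring entry for the same test file carries, so a reader of this suppression list cannot tell whether the new findings are meant to be temporary as well. Suppressing a secret-scanner result is the kind of line that tends to outlive its reason, so the trailing comment should state it: either keep the marker consistent, or, if these are permanent because the test fixtures are deliberately secret-shaped, say so, e.g. `# unit test fixture in generic_credential_test.go (intentional, keep)`. Restoring the trailing newline on the previous last entry is fine.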
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
index 34644dbf..b4b4f7ee 100644
--- a/.github/workflows/pr-validation.yml
+++ b/.github/workflows/pr-validation.yml
@@ -60,7 +60,7 @@ jobs:
- run: mkdir -p kics-results
- name: Run KICS scan
- uses: checkmarx/kics-github-action@03c9abe351b01c3e4dbe60fa00ff79ee07d73f44 # master
+ uses: checkmarx/kics-github-action@05aa5eb70eede1355220f4ca5238d96b397e30a6 # 2.1.20
with:
path: .
output_path: kics-results
diff --git a/engine/rules/ruledefine/generic_credential.go b/engine/rules/ruledefine/generic_credential.go
index 27513163..2bb3a29a 100644
--- a/engine/rules/ruledefine/generic_credential.go
+++ b/engine/rules/ruledefine/generic_credential.go
@@ -107,6 +107,8 @@ func GenericCredential() *Rule {
regexp.MustCompile(`--mount=type=secret,`).String(),
// https://github.com/gitleaks/gitleaks/issues/1800
regexp.MustCompile(`import[ \t]+{[ \t\w,]+}[ \t]+from[ \t]+['"][^'"]+['"]`).String(),
+ // Example case: name="authenticity_token" value="..."
+ regexp.MustCompile(`(?i)name\s*=\s*["']authenticity_token["']`).String(),
},
},
{
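Review bot: The comment on the new allowlist entry only restates the pattern; it should say why this value is exempt, because an allowlist line inside a credential rule is exactly what a later maintainer will be tempted to delete or widen. `authenticity_token` is the hidden CSRF form field emitted by Rails-style frameworks (`name="authenticity_token" value="..."`), which appears to be what the new `value="..."` alternative in utils.go would otherwise flag; suggest `// Rails-style CSRF hidden form field (name="authenticity_token" value="..."): a per-request token, not a credential.` Note also that the two `["']` classes are independent, so mismatched quotes such as `name="authenticity_token'` are accepted; harmless in an allowlist, but worth a word if intended. GenericCredential() begins and ends outside this hunk.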
diff --git a/engine/rules/ruledefine/generic_credential_test.go b/engine/rules/ruledefine/generic_credential_test.go
index 4449663e..d922f459 100644
--- a/engine/rules/ruledefine/generic_credential_test.go
+++ b/engine/rules/ruledefine/generic_credential_test.go
@@ -85,6 +85,8 @@ func TestGenericCredential(t *testing.T) {
" utils.GetEnvOrDefault(\"api_token\", \"dafa7817-e246-48f3-91a7-e87653d587b8\")",
// xml cases
"API_KEY\nAIzaSyATDL7Wz3Ze6BU31Yv3fVVth30Skyib29g",
+ ``,
+ ``,
},
falsePositives: []string{
"issuerKeyHash=npmXsmT2_C1iJZ-SD7RuL8exZ=6ucd",
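Review bot: The two entries added under `// xml cases` are empty raw string literals, which cannot match any credential pattern and therefore give no positive coverage for the `value="..."` branch this diff introduces in utils.go; depending on how the test helper treats empty input they either fail the true-positive loop or pass vacuously. If the sample values were stripped from this view (the two new ignore hashes in .2ms.yml suggest real fixtures exist), this is a rendering artifact; otherwise fill them with constructed XML attribute samples, e.g. `<add key="api_key" value="EXAMPLE_SECRET_PLACEHOLDER" />`. TestGenericCredential begins and ends outside this hunk.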
diff --git a/engine/rules/ruledefine/utils.go b/engine/rules/ruledefine/utils.go
index ec60d7de..4b96948e 100644
--- a/engine/rules/ruledefine/utils.go
+++ b/engine/rules/ruledefine/utils.go
@@ -23,6 +23,10 @@ const (
// operator = `(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)`
operator = `(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)`
+ // operatorOrXmlValue requires either a normal assignment operator (YAML, JSON, plist `>` after
+ // ) or XML attribute value="..." ().
+ operatorOrXmlValue = `(?:(?:\s*value\s*=\s*["'])|(?:` + operator + `))`
+
// boundaries for the secret
// \x60 = `
secretPrefixUnique = `\b(`
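Review bot: The doc comment on the new `operatorOrXmlValue` constant is incomplete: both parenthesised examples are empty and the phrase "plist `>` after )" is cut off, so it no longer says when each alternative applies. Suggest a comment that names the two alternatives and gives one sample each, e.g. `// operatorOrXmlValue: an assignment operator (see operator above) or an XML attribute value, e.g. key="api_key" value="...".` Worth confirming, since it is outside this hunk: the attribute alternative consumes the opening quote via `["']`, so `secretPrefix` and `secretSuffixIncludingXml` must tolerate a secret that no longer starts with a quote; the `secretPrefixUnique` shown here is a bare `\b(`, which suggests that is the case but does not prove it. The const block begins and ends outside this hunk.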
@@ -80,7 +84,7 @@ func generateSemiGenericRegexIncludingXml(identifiers []string, secretRegex stri
writeIdentifiersIncludingXml(&sb, identifiers)
sb.WriteString(identifierCaseInsensitiveSuffix)
}
- sb.WriteString(operator)
+ sb.WriteString(operatorOrXmlValue)
sb.WriteString(secretPrefix)
sb.WriteString(secretRegex)
sb.WriteString(secretSuffixIncludingXml)
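Review bot: The substitution makes this generator accept `value="..."` after an identifier while, as far as this hunk shows, the sibling non-XML generators keep plain `operator`; a one-line comment at the changed call would make that asymmetry deliberate for the next reader, e.g. `// XML variant: also accept an attribute value (value="...") after the identifier.` generateSemiGenericRegexIncludingXml begins outside this hunk.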