How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM
Let's have a look at how to integrate NHI Governance with AWS IAM to get detailed security insights into your dashboard.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Interview with Alex Rich, the VP of Sales at GitGuardian
Learn about our NHI Governance capabilities providing complete asset visibility, OWASP Top 10 compliance, and how we're tackling AI challenges where coding agents replicate exposed secrets at scale.
Shai-Hulud attack: 800 private repositories went public
Our security researcher Gaetan Ferry shared his take on the recent supply chain attacks with Mackenzie Jackson @TheSecureDisclosure.
OWASP AppSecDays France 2025: Learning To Defend The Global Supply Chain Together
OWASP AppSecDays France 2025 explored supply chain trust, CI/CD as the new perimeter and passkeys, showing how shared guardrails make secure delivery possible.
GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response
Secure your secrets with GitGuardian's new one-click revocation. Instantly neutralize exposed secrets to close the attack window and automate your incident response.
Prioritizing Your GitGuardian Incidents
In this video, you will learn how to cut through the noise and prioritize your GitGuardian incidents with confidence. From understanding incident fields to using filters, views, and severity scoring, this walkthrough shows you exactly how to focus on what matters most. Take control of your backlog and streamline remediation to strengthen your team’s security posture. Chapters.
Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT
Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.
Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source
Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.
Shai-Hulud: A Persistent Secret Leaking Campaign
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow injection in accessible projects. The compromised packages' structure has been detailed in blog posts by socket.dev and StepSecurity.
DjangoCon US 2025: Security, Simplicity, and Community
At DjangoCon US 2025, speakers emphasized seasoned tech over hype, featuring secure GitOps workflows, simpler frontend alternatives, and sustainable open-source models.
Working With GitGuardian Playbooks To Automate Your Workflows
In this video, we'll cover GitGuardian Playbooks and how to manage them in your workspace. We know that time is critical when a secrets incident occurs. That's why our platform allows you to quickly and easily automate steps of the incident response process. We call these automations "Playbooks".
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years.
BlueTeamCon 2025: Finding new approaches to security that don't let perfect stand in the way of better
BlueTeamCon 2025 showed why progress beats perfection in cybersecurity. Explore highlights on visibility, AI safety, collaboration, identity, and pragmatic defense.
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.
The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets
GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.
Why the Principle of Least Privilege Is Critical for Non-Human Identities
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce
The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.
Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension
I'm going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code.