Working Towards Improved PAM: Widening The Scope And Taking Control
Learn how GitGuardian supports expanding privileged access management to include non-human identities and improve secrets management across your infrastructure and vaults.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The Hidden Cost of Secrets Sprawl
Manual secrets management costs organizations $172,000+ annually per 10 developers. Discover the hidden productivity drain, security risks, and how automation can recover at least 1.2 FTE worth of capacity.
LASCON XV: From AI Risk To Identity Security In AppSec
From ITDR to MCP, LASCON XV in Austin showed how AppSec must evolve to address identity threats, AI challenges, and the complexity of modern production systems.
Scanning GitHub Gists for Secrets with Bring Your Own Source
Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots.
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
INCYBER Forum Canada 2025: Collaboration Wins Over Compliance
At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.
Building Chromegg: A Chrome Extension for Real-Time Secret Detection
Ever accidentally pasted an API key into a web form? Chromegg is our new Chrome extension that scans form fields in real-time, alerting you BEFORE you submit secrets. Open-source & ready to use!
OAuth for MCP - Emerging Enterprise Patterns for Agent Authorization
Why agents break the old model and require rethinking traditional OAuth patterns.
Rethinking Security Resilience And Getting Back To Basics At CornCon 11
CornCon 11 emphasized security basics, real-world risk alignment, and sustainable practices to help teams build resilient programs in today’s complex threat landscape.
SREday SF 2025: Human Centered SRE In An AI World
SRE Day SF shows why dashboards alone do not defend anything. Explore paths to better telemetry, progressive delivery, and resilience that customers can feel.
How Cybercriminal Organizations Weaponize Exposed Secrets
The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.
Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources
In this blog, we will explore Terraform secrets management best practices, ephemeral resources, and some examples of securely orchestrating AWS infrastructure with AWS Secrets Manager.
Zero-Friction Secret Revocation Strategy Explained
GitGuardian users can now revoke certain valid secrets directly from incident pages in seconds, eliminating the need to switch between multiple tools and platforms when the danger is very real. As attackers move faster than ever, security teams and developers need better tools and methods to ensure their most prized secrets can be invalidated in seconds, halting any attackers who might have stolen them or discovered them leaked publicly.
DevOps Days Philadelphia 2025: Security As A Control Loop, Resilience, Runtime Risks, And How AI Is Changing It
DevOpsDays Philadelphia 2025 showed how AI governance, secrets security, runtime traces, and ablative resilience work together to reduce operational risk.
Red Hat GitLab Breach: The Crimson Collective's Attack
A comprehensive analysis of the breach that exposed 570GB of consulting data and put 800 organizations at risk.
Security Lessons For All From GitHub's Hardened Package Publication For npm
GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.