Red Hat GitLab Breach: The Crimson Collective's Attack
A comprehensive analysis of the breach that exposed 570GB of consulting data and put 800 organizations at risk.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Security Lessons For All From GitHub's Hardened Package Publication For npm
GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.
How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM
Let's have a look at how to integrate NHI Governance with AWS IAM to get detailed security insights into your dashboard.
OWASP AppSecDays France 2025: Learning To Defend The Global Supply Chain Together
OWASP AppSecDays France 2025 explored supply chain trust, CI/CD as the new perimeter and passkeys, showing how shared guardrails make secure delivery possible.
GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response
Secure your secrets with GitGuardian's new one-click revocation. Instantly neutralize exposed secrets to close the attack window and automate your incident response.
Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT
Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.
Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source
Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.
Shai-Hulud: A Persistent Secret Leaking Campaign
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow injection in accessible projects. The compromised packages' structure has been detailed in blog posts by socket.dev and StepSecurity.
DjangoCon US 2025: Security, Simplicity, and Community
At DjangoCon US 2025, speakers emphasized seasoned tech over hype, featuring secure GitOps workflows, simpler frontend alternatives, and sustainable open-source models.
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years.