%term

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories

Sep 12, 2025 By Dwayne McDaniel In GitGuardian

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years.

Read Post

GitGuardian

Read more about Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories

BlueTeamCon 2025: Finding new approaches to security that don't let perfect stand in the way of better

Sep 10, 2025 By Dwayne McDaniel In GitGuardian

BlueTeamCon 2025 showed why progress beats perfection in cybersecurity. Explore highlights on visibility, AI safety, collaboration, identity, and pragmatic defense.

Read Post

GitGuardian

Read more about BlueTeamCon 2025: Finding new approaches to security that don't let perfect stand in the way of better

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

Sep 5, 2025 By Gaetan Ferry In GitGuardian

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.

Read Post

GitGuardian

Read more about The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets

Sep 5, 2025 By GitGuardian In GitGuardian

GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.

View Video

GitGuardian

Read more about The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets

Why the Principle of Least Privilege Is Critical for Non-Human Identities

Sep 4, 2025 By Dwayne McDaniel In GitGuardian

Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.

Read Post

GitGuardian

Read more about Why the Principle of Least Privilege Is Critical for Non-Human Identities

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Sep 3, 2025 By Guillaume Valadon In GitGuardian

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.

Read Post

GitGuardian

Read more about When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Sep 2, 2025 By Andy Rea In GitGuardian

I'm going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code.

Read Post

GitGuardian

Read more about Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Beyond Secrets: How Managed Identities Are Transforming Multicloud Security

Aug 29, 2025 By Mattias Gees In GitGuardian

Managed identities offer a paradigm shift from "what fo you have"to "who you are" authentication, providing automated, short-lived credentials that eliminate credential sprawl across multicloud environments.

Read Post

GitGuardian

Read more about Beyond Secrets: How Managed Identities Are Transforming Multicloud Security

Investigating The Nx "s1ngularity" Attack: What GitGuardian Uncovered And How You Can Stay Safe

Aug 28, 2025 By GitGuardian In GitGuardian

Discover the chilling details of the Nx “s1ngularity” supply chain attack. On August 26, 2025, the massively popular Nx npm package, with millions of weekly downloads, was compromised with credential‑harvesting malware.

View Video

GitGuardian

Read more about Investigating The Nx "s1ngularity" Attack: What GitGuardian Uncovered And How You Can Stay Safe

GitGuardian MCP Sever - Example Use Cases and Installation

Aug 27, 2025 By GitGuardian In GitGuardian

In this video, learn how to set up and use GitGuardian’s new MCP (Model Context Protocol) server to bring secrets security and Non-Human Identity (NHI) governance directly into your AI-powered IDE, like Cursor or Claude Desktop. GitGuardian Developer Advocate Dwayne McDaniel shows how to install the MCP server and run real use cases—like scanning for secrets, listing incidents, and creating honeytokens—all from inside your coding environment. Ready to embed security where code is written?

View Video

GitGuardian

Read more about GitGuardian MCP Sever - Example Use Cases and Installation

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories

BlueTeamCon 2025: Finding new approaches to security that don't let perfect stand in the way of better

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets

Why the Principle of Least Privilege Is Critical for Non-Human Identities

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Beyond Secrets: How Managed Identities Are Transforming Multicloud Security

Investigating The Nx "s1ngularity" Attack: What GitGuardian Uncovered And How You Can Stay Safe

GitGuardian MCP Sever - Example Use Cases and Installation

Monthly Archive

Follow Us