%term

BSides San Diego 2025: Shifting the Risk Conversation By The Sea Shore

Apr 4, 2025 By Dwayne McDaniel In GitGuardian

Discover how BSidesSD 2025 challenged traditional GRC, spotlighted data poisoning, and promoted human-driven security insights. Read our highlights from this community event.

Read Post

GitGuardian

Read more about BSides San Diego 2025: Shifting the Risk Conversation By The Sea Shore

Introducing GitGuardian's Generic Secrets Enricher

Apr 3, 2025 By GitGuardian In GitGuardian

GitGuardian is proud to introduce our new Machine Learning-powered Generic Secret Enricher, helping all customers quickly understand the origin and type of discovered generic secrets. The 2025 GitGuardian State of Secret Sprawl report shows that 58% of all detected secrets fall into the generic category.

View Video

GitGuardian

Read more about Introducing GitGuardian's Generic Secrets Enricher

The GitGuardian State of Secrets Sprawl 2025: Expert Panel

Mar 31, 2025 By GitGuardian In GitGuardian

GitGuardian's 2025 State of Secrets Sprawl Report reveals that nearly 24 million new hardcoded secrets were exposed on public GitHub in 2024 alone–a staggering 25% increase from the previous year. Together with Chris Smith from Cyberark, our expert panel dives deep into the report's most concerning findings.

View Video

GitGuardian

Read more about The GitGuardian State of Secrets Sprawl 2025: Expert Panel

The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat

Mar 31, 2025 By Dwayne McDaniel In GitGuardian

Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.

Read Post

GitGuardian

Read more about The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat

Github Actions Supply Chain Attacks

Mar 31, 2025 By WatchGuard Technologies In WatchGuard

This week, we discuss a recent cascading supply chain attack involving multiple Github actions workflows that nearly succeeded in compromising a popular Coinbase application. Before that, we discuss a novel way to download malware onto an endpoint by abusing a web browser's caching feature. Additionally, we cover an FBI alert on file converter malware scams.

View Video

WatchGuard

Read more about Github Actions Supply Chain Attacks

SnowFROC 2025: A Chilly Reminder That OWASP Matters and Exploring Secure Coding Practices with AI Coding Bots

Mar 27, 2025 By Dwayne McDaniel In GitGuardian

At Denver's SnowFROC, security pros tackled the importance of OWASP’s evolving Top 10 and exposed the current shortcomings of AI-generated code for production systems.

Read Post

GitGuardian

Read more about SnowFROC 2025: A Chilly Reminder That OWASP Matters and Exploring Secure Coding Practices with AI Coding Bots

GitGuardian's Secrets Risk Assessment: Know Your True Exposure For Free

Mar 25, 2025 By Soujanya Ain In GitGuardian

Go beyond GitHub's scope. Understand the full picture of your secret leaks with GitGuardian, covering public and internal exposures.

Read Post

GitGuardian

Read more about GitGuardian's Secrets Risk Assessment: Know Your True Exposure For Free

GitHub Supply Chain Attack: CVE-2025-30066 and CVE-2025-30154 Expose Secrets Across 218 Repositories

Mar 25, 2025 By SignMyCode In SignMyCode

A major supply chain attack has exposed sensitive CI/CD secrets in GitHub Action tj-actions/changed-files, known as CVE-2025-30066, across 218 repositories. This incident has raised significant concerns about security and is connected to an earlier attack on the other GitHub Action, reviewdog/action-setup@v1, tracked as CVE-2025-30154. While only 4% of the 5,416 repositories that were affected had secrets leaked, the damage is severe.

Read Post

SignMyCode

Read more about GitHub Supply Chain Attack: CVE-2025-30066 and CVE-2025-30154 Expose Secrets Across 218 Repositories

GitHub Action Supply Chain Attack (CVE-2025-30066)

Mar 25, 2025 By Hetram Yadav In Coralogix

On March 14, 2025, a critical supply chain attack targeted the widely used GitHub Action tj-actions/changed-files. This action, utilized in over 23,000 repositories, was compromised when attackers injected malicious code, causing CI/CD pipeline secrets to be exposed in GitHub Actions logs. This breach raised serious concerns regarding the security of GitHub Actions and the importance of implementing robust security measures in CI/CD workflows.

Read Post

Coralogix

Read more about GitHub Action Supply Chain Attack (CVE-2025-30066)

Keeping Secrets Out of Logs: Strategies That Work

Mar 24, 2025 By Anna Nabiullina In GitGuardian

tl;dr: There's no silver bullet for keeping secrets out of logs, but if we put several "lead bullets" in the right places, we have a good chance of success.

Read Post

GitGuardian

Read more about Keeping Secrets Out of Logs: Strategies That Work

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BSides San Diego 2025: Shifting the Risk Conversation By The Sea Shore

Introducing GitGuardian's Generic Secrets Enricher

The GitGuardian State of Secrets Sprawl 2025: Expert Panel

The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat

Github Actions Supply Chain Attacks

SnowFROC 2025: A Chilly Reminder That OWASP Matters and Exploring Secure Coding Practices with AI Coding Bots

GitGuardian's Secrets Risk Assessment: Know Your True Exposure For Free

GitHub Supply Chain Attack: CVE-2025-30066 and CVE-2025-30154 Expose Secrets Across 218 Repositories

GitHub Action Supply Chain Attack (CVE-2025-30066)

Keeping Secrets Out of Logs: Strategies That Work

Monthly Archive

Follow Us