%term

How Cybercriminal Organizations Weaponize Exposed Secrets

Oct 10, 2025 By Guillaume Valadon In GitGuardian

The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.

Read Post

GitGuardian

Read more about How Cybercriminal Organizations Weaponize Exposed Secrets

The secret sprawl epidemic: Why it's getting worse #secretsprawl #machineidentity #securitymatters

Oct 9, 2025 By CyberArk In CyberArk

The secret sprawl epidemic: Why it's getting worse.

View Video

CyberArk

Read more about The secret sprawl epidemic: Why it's getting worse #secretsprawl #machineidentity #securitymatters

Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources

Oct 9, 2025 By Tiexin Guo In GitGuardian

In this blog, we will explore Terraform secrets management best practices, ephemeral resources, and some examples of securely orchestrating AWS infrastructure with AWS Secrets Manager.

Read Post

GitGuardian

Read more about Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources

The case against secrets in .env files

Sep 29, 2025 By Snyk In Snyk

Most developers rely on.env files to store secrets like API keys, database passwords, and tokens. But what if I told you this common practice can leave you wide open to attacks? In this video, I break down why storing secrets in a.env file is dangerous, how attackers can exploit it, and what safer alternatives you should be using instead.

View Video

Snyk

Read more about The case against secrets in .env files

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Sep 17, 2025 By Soujanya Ain In GitGuardian

Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.

Read Post

GitGuardian

Read more about Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Sep 3, 2025 By Guillaume Valadon In GitGuardian

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.

Read Post

GitGuardian

Read more about When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Sep 2, 2025 By Andy Rea In GitGuardian

I'm going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code.

Read Post

GitGuardian

Read more about Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Secrets Sprawl and Credential Abuse: 2025's Hidden Enterprise Threat

Aug 29, 2025 By Foresiet In Foresiet

In 2025, cybersecurity is no longer defined by firewalls or VPN barriers—it hinges on identity. Enterprises face a growing hazard from secrets sprawl and credential abuse. With API keys, tokens, and passwords scattered across repos, containers, and dev chat channels, attackers exploit these gaps with alarming precision. This isn’t just an IT headache—it’s a boardroom crisis that demands strategic action.

Read Post

Foresiet

Read more about Secrets Sprawl and Credential Abuse: 2025's Hidden Enterprise Threat

Bridging runtime visibility and secrets management in Kubernetes with Sweet Security and CyberArk

Aug 14, 2025 By Niels van Bennekom In CyberArk

Secrets management is a foundational pillar of cloud security. It enables secure storage, rotation, and access control for application secrets. But in Kubernetes environments, secrets don’t just live in vaults; they move, execute, and often proliferate across clusters and containers. Without visibility into how secrets are used at runtime, organizations risk exposing sensitive data without realizing it.

Read Post

CyberArk

Read more about Bridging runtime visibility and secrets management in Kubernetes with Sweet Security and CyberArk

The Alarming Surge in Leaked Credentials: Protecting Your Business in 2025

Jul 30, 2025 By Gemma Goldstein In Cyberint

One of the most pressing cyber threats businesses face today is the rampant rise in leaked credentials. Data from Cyberint, a Check Point company, reveals a staggering 160% increase in leaked credentials so far in 2025 compared to 2024. This isn’t just a statistic; it’s a direct threat to your organization’s security.

Read Post

Cyberint

Read more about The Alarming Surge in Leaked Credentials: Protecting Your Business in 2025

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How Cybercriminal Organizations Weaponize Exposed Secrets

The secret sprawl epidemic: Why it's getting worse #secretsprawl #machineidentity #securitymatters

Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources

The case against secrets in .env files

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Secrets Sprawl and Credential Abuse: 2025's Hidden Enterprise Threat

Bridging runtime visibility and secrets management in Kubernetes with Sweet Security and CyberArk

The Alarming Surge in Leaked Credentials: Protecting Your Business in 2025

Monthly Archive

Follow Us