BSides312 2026: Security Basics Under New Pressure
In an AI-assisted development era, the third edition of BSides312 showed why trust, identity, access, evidence, and community remain core to security work.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Grafana and GitHub Breached: The Risk When Private Code Leaks
Code from GitHub and Grafana is in criminal hands. Secrets buried inside could open doors no one is thinking of protecting yet, and AI will make hunting 0-days in that private code faster than ever.
Leaked Kubernetes Secrets: Impact Assessment and Mitigation Strategies
A single leaked Kubernetes credential rarely stays in the cluster. It opens the registry credentials, private Docker images, and private GitHub repositories behind it. In Q1 2026 alone, our detectors caught close to 2,000 new such leaks on GitHub, 28% valid at leak time.
An inside look at finding Leaked CISA AWS GovCloud Admin Keys on Github
In this interview, GitGuardian security researcher Guillaume Valadon breaks down how GitGuardian discovered a public GitHub repository exposing CISA-related secrets, including plain-text passwords, AWS tokens, SAML certificates, CI/CD files, Kubernetes manifests, and internal operational documentation. We discuss how the leak was identified, why exposed secrets can create immediate risk, and how GitGuardian helped escalate the disclosure until the repository was taken offline within 26 hours.
Malware is created by criminals
"Malware is created by criminals. They are intending to cause harm. It is not hypothetical. They want you to consume it for nefarious purposes.".
How We Got a CISA GitHub Leak Taken Down in Under a Day
On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
San Francisco Secure Software and AppSec Summit 2026: The Next AppSec Operating Model
Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.
The GitGuardian Secret Detection Engine Just Got 43X Faster Thanks To Rust
While not a new feature, the GitGuardian team has been hard at work making updates to our TokenScanner, the underlying engine that powers GitGuardian's secret scanning ability. This is great news for folks dealing with very large repos and legacy platforms that thousands of developers have touched over the years. Scanning millions of files, attachments, commits, and anywhere else secrets might be hiding takes minutes. Historical scans across petabytes of information, which used to take days, now take less than an hour. What used to take hours takes a few short minutes.