BSides312 2026: Security Basics Under New Pressure
In an AI-assisted development era, the third edition of BSides312 showed why trust, identity, access, evidence, and community remain core to security work.
Code from GitHub and Grafana is in criminal hands. Secrets buried inside could open doors no one is thinking of protecting yet, and AI will make hunting 0-days in that private code faster than ever.
A single leaked Kubernetes credential rarely stays in the cluster. It opens the registry credentials, private Docker images, and private GitHub repositories behind it. In Q1 2026 alone, our detectors caught close to 2,000 new such leaks on GitHub, 28% valid at leak time.
On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.
Using Cursor, GitHub Copilot, Claude Code, Codex, or another coding agent means giving software access to more than your code. It can also see the credentials available in your workspace, shell, config files, and development environment.
A self-replicating worm is actively compromising packages with 3M+ weekly downloads, hijacking tokens from CI/CD pipelines, and bypassing trusted publishing protections.
GitGuardian's NHI Governance now adds privilege context to leaked secrets, auto-escalating admin-level risks for smarter prioritization across AWS, Entra, and Okta. Discover how admin badges and overprivilege detection cut through noise to focus on true blast radius.
GCSI 2026 showed why cyber readiness depends on visibility into vendors, AI tools, identities, workflows, and hidden business dependencies.
Modern developer environments expose sensitive context across files, prompts, logs, and commands. Learn how layered local controls reduce secrets risk.
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud.
LLMs leave statistical fingerprints in the passwords they generate. We built a 100-year-old model to find them and detected 28,000 in the wild.