all tags
Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.

Agent-Based AI and the Machine Identity Revolution Are Reshaping Security

Agent-Based AI and the Machine Identity Revolution Are Reshaping Security

Is agentic AI the productivity revolution we've been waiting for, or a security nightmare in the making? With AI agents now outnumbering humans and secrets proliferating across enterprise systems, the answer isn't simple. Read our insights from SecDays {France} 2025.

Automated Guard Rails for Vibe Coding

Automated Guard Rails for Vibe Coding

Vibe coding might sound like a trendy term, but it's really just developing software without automated checks and quality gates. Traditional engineering disciplines have always relied on safety measures and quality controls, so vibe coding should be no different in my honest opinion.

Why Most Exposed Secrets Never Get Fixed

Why Most Exposed Secrets Never Get Fixed

Our latest State of Secrets Sprawl 2025 research reveals a troubling reality: the majority of leaked corporate secrets found in public code repositories continue to provide access to systems for years after their discovery.

Start your journey to secrets-free source code

And keep your secrets out of sight

arrow-down