Renovate & Dependabot: The New Malware Delivery System
Recent supply chain attacks stayed live for hours. Automation tools silently merged their malware in minutes. Read how upgrade bots and AI agents became the insider threat.
Key Leaks, Vault Failures, and TEE Attacks: Highlights from RWC 2026
What resonated most at RWC 2026? GitGuardian highlights key research on private key leaks, password managers, trusted execution environments, and secret sprawl.
The Team PCP Snowball Effect: A Quantitative Analysis
Supply chain attacks cascade through ecosystems in ways traditional metrics hardly capture. GitGuardian evaluates the PCP Team incidents and finds damage spread to thousands of public targets.
2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk
GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.
Your Secrets Need a VDP, Not Just a Bug Bounty
Bug bounty programs are valuable—until they replace disclosure policies. Learn how unreasonable PoC demands or scope exclusions create security blind spots when it comes to leaked secrets.
![Shai-Hulud 2.0 Exposes Over 33,000 Unique Secrets [Updated Nov, 27]](https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w600/2025/11/shai-hulud--2--1.png)
Shai-Hulud 2.0 Exposes Over 33,000 Unique Secrets [Updated Nov, 27]
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
How Cybercriminal Organizations Weaponize Exposed Secrets
The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.
Shai-Hulud: A Persistent Secret Leaking Campaign
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.
Symmetric Cryptography in Practice: A Developer's Guide to Key Management
Symmetric cryptography powers everything from HTTPS to JWT tokens, but key management remains a significant challenge. This developer guide covers three critical use cases—session keys, self-use keys, and pre-shared keys—with practical strategies for secure generation, rotation, and storage.
xAI Secret Leak: The Story of a Disclosure
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain.
