@bitwarden/cli - GitGuardian Views on helloworm00

GitGuardian analysis of the @bitwarden/cli compromise: GitHub used as C2, new Cloudflare exfiltration domain found, linked to April 22 Checkmarx KICS compromise via Dependabot.

EDITOR’S PICK

The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub

Guillaume Valadon

5 Mar 2026 – 5 min read

all tags

Conferences

Passwords, Resilience, And Being Human: Working Together For A Brighter Future At BSides Las Vegas 2025

Dive into insights from BSides Las Vegas 2025: how identity hygiene, human ecosystems, structural resilience, and unpredictability define modern defenses.

Dwayne McDaniel

8 Aug 2025 – 9 min read

Artificial Intelligence

Probably Secure: A Look At The Security Concerns Of Deterministic Vs Probabilistic Systems

Learn why deterministic security remains essential in an AI-driven world and how GitGuardian combines probability and proof for safe, auditable development.

Dwayne McDaniel

7 Aug 2025 – 11 min read

Non-Human Identity

The Promise and Pitfalls of Ephemeral Identities

Short-lived credentials reduce exposure – but they aren’t secure by default. Here’s what ephemeral identity gets right, and where it can fail.

Dan Kaplan

6 Aug 2025 – 10 min read

Non-Human Identity

The Identity Revolution: How AI Agents Are Reshaping Security Architecture

Read key insights from GitGuardian SecDays Virtual 2025 on securing the future of autonomous AI agents.

Soujanya Ain

4 Aug 2025 – 5 min read

Secrets Management

Symmetric Cryptography in Practice: A Developer's Guide to Key Management

Symmetric cryptography powers everything from HTTPS to JWT tokens, but key management remains a significant challenge. This developer guide covers three critical use cases—session keys, self-use keys, and pre-shared keys—with practical strategies for secure generation, rotation, and storage.

Gaetan Ferry

31 Jul 2025 – 17 min read

Product News

Q2 2025 Recap: GitGuardian Sharpens the Edge on Secrets Security and Agentic AI Protection

Explore enhanced secrets security across code, collaboration tools, & public repos. Discover new Agentic AI protection, NHI lifecycle automation, and smarter incident management.

Soujanya Ain

25 Jul 2025 – 4 min read

Secrets detection

SharePoint Zero-Day Exploits Highlight Hidden Secrets Risk in Document Collaboration Tools

The recent SharePoint zero-day exploits expose a critical blind spot: hardcoded secrets hidden in collaboration tools. While teams secure code repositories, API keys and credentials lurking in SharePoint documents create dangerous attack vectors for lateral movement.

Anna Nabiullina

23 Jul 2025 – 2 min read

Secrets detection

GitHub's Default Push Protection: Enhancing Secrets Protection with Limitations to Consider

GitHub's Push Protection is now enabled by default for all public repositories, a big milestone for open-source security! Find out the key points you need to keep in mind before using it to safeguard your code repositories.

Thomas Segura

22 Jul 2025 – 12 min read

Non-Human Identity

The Non-Human Identity Crisis: Key Insights from GitGuardian SecDays Virtual 2025

Discover key insights from GitGuardian SecDays 2025 on the Non-Human Identity (NHI) crisis. Learn how to tackle secrets sprawl, go secretless, and secure machine identities.

Soujanya Ain

21 Jul 2025 – 4 min read

From Secrets Sprawl to Secretless: Snowflake's Journey through NHI Lifecycle Management

Non-Human Identity

Customer Stories

From Secrets Sprawl to Secretless: Snowflake's Journey through NHI Lifecycle Management

Learn how Snowflake is tackling NHIs, from secrets sprawl to a secretless architecture using GitGuardian for detection and Aembit for prevention.

Soujanya Ain

17 Jul 2025 – 4 min read

GitGuardian Launches its MCP Server: Putting Secrets Security in the Developers' Hands

Non-Human Identity

Product News

GitGuardian Launches its MCP Server: Putting Secrets Security in the Developers' Hands

Empower your developers with GitGuardian's new MCP Server. Embed AI-driven secrets security directly into your IDE, streamline incident remediation, and secure code in real time.

Soujanya Ain

15 Jul 2025 – 4 min read

Security Research

Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.

Guillaume Valadon

10 Jul 2025 – 10 min read

@bitwarden/cli - GitGuardian Views on helloworm00

Guillaume Valadon

MOST POPULAR

The Team PCP Snowball Effect: A Quantitative Analysis

Gaetan Ferry

Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most

Guillaume Valadon

EDITOR’S PICK

The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub

Anna Nabiullina

2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk

Guillaume Valadon

Passwords, Resilience, And Being Human: Working Together For A Brighter Future At BSides Las Vegas 2025

Dwayne McDaniel

Probably Secure: A Look At The Security Concerns Of Deterministic Vs Probabilistic Systems

Dwayne McDaniel

The Promise and Pitfalls of Ephemeral Identities

Dan Kaplan

The Identity Revolution: How AI Agents Are Reshaping Security Architecture

Soujanya Ain

Symmetric Cryptography in Practice: A Developer's Guide to Key Management

Gaetan Ferry

Q2 2025 Recap: GitGuardian Sharpens the Edge on Secrets Security and Agentic AI Protection

Soujanya Ain

SharePoint Zero-Day Exploits Highlight Hidden Secrets Risk in Document Collaboration Tools

Anna Nabiullina

GitHub's Default Push Protection: Enhancing Secrets Protection with Limitations to Consider

Thomas Segura

The Non-Human Identity Crisis: Key Insights from GitGuardian SecDays Virtual 2025

Soujanya Ain

From Secrets Sprawl to Secretless: Snowflake's Journey through NHI Lifecycle Management

Soujanya Ain

GitGuardian Launches its MCP Server: Putting Secrets Security in the Developers' Hands

Soujanya Ain

Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

Guillaume Valadon

Start your journey to secrets-free source code