BlueTeamCon 2025: Finding new approaches to security that don’t let perfect stand in the way of better

BlueTeamCon 2025 showed why progress beats perfection in cybersecurity. Explore highlights on visibility, AI safety, collaboration, identity, and pragmatic defense.

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Dwayne McDaniel

27 Mar 2025 – 8 min read

all tags

Non-Human Identity

Getting Started With SPIFFE for Multi-Cloud Secure Workload Authentication

SPIFFE stands for Secure Production Identity Framework for Everyone, and aims to replace single-factor access credentials with a highly scalable identity solution. This blog post provides some practical applications of SPIFFE in real-world environments.

Guest Expert

26 Aug 2024 – 4 min read

Conferences

DEF CON 32: What We Learned About Secrets Security at AppSec Village

At DEF CON 32's AppSec Village, we explored secrets security challenges, answered common questions, and shared how to detect and handle hidden credentials effectively.

Dwayne McDaniel

22 Aug 2024 – 8 min read

Best practices

From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents

Ignoring low-risk secrets in GitGuardian? This could be a costly mistake. Learn how to avoid the hidden dangers of prematurely closing incidents.

Ferdinand Boas

20 Aug 2024 – 6 min read

Supply Chain Security

Dependency Confusion Attacks and Prevention: Register Your Private Package Names

Dependency confusion attacks exploit gaps in your software supply chain. Dive into modern dependency management and learn how to defend your systems with best practices.

Guest Expert

15 Aug 2024 – 4 min read

Conferences

Hot Takes and Cool Strategies: BSides Las Vegas 2024

Experience the heat of innovation at BSides Las Vegas 2024, where cybersecurity experts tackle AI security, passwordless solutions, and zero-downtime credential rotation.

Dwayne McDaniel

13 Aug 2024 – 6 min read

Breach explained

The Secrets of the New York Times Source Code Breach

The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times going forward is. (Spoiler we found thousands of secrets).

Mackenzie Jackson

2 Aug 2024 – 7 min read

Security Research

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Some explanations about the hidden danger of GitHub features that allow anyone to access commits you thought had been deleted.

Guillaume Valadon

1 Aug 2024 – 2 min read

DevSecOps

Always Be Updating: Why Regular Patching Is Non-Negotiable in DevSecOps

DevSecOps Engineer Gene Gotimer explains why constant software dependency updates are crucial for security in DevSecOps practices.

Guest Expert

31 Jul 2024 – 7 min read

Conferences

Agile2024: Making Sure Security Is Part Of Our Processes

What does Agile have to do with improving security? A lot! Explore highlights from Agile2024, including technical health, productive meetings, and addressing shadow IT.

Dwayne McDaniel

30 Jul 2024 – 7 min read

DevSecOps

Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.

Guest Expert

26 Jul 2024 – 8 min read

Tutorials

Securing Containers with Seccomp

In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.

C. J. May

25 Jul 2024 – 16 min read

Engineering

Better Security and Performance For Free? Why PostgreSQL is Amazing

Upgrade your PostgreSQL instance to the newest version with confidence! In this benchmarking blog post, we show you the performance improvements you can expect when upgrading from PostgreSQL 13 to 16.

Guardians

24 Jul 2024 – 8 min read

BlueTeamCon 2025: Finding new approaches to security that don’t let perfect stand in the way of better

Dwayne McDaniel

MOST POPULAR

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

Gaetan Ferry

The Nx "s1ngularity" Attack: Inside the Credential Leak

Guillaume Valadon

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Guillaume Valadon

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

Getting Started With SPIFFE for Multi-Cloud Secure Workload Authentication

Guest Expert

DEF CON 32: What We Learned About Secrets Security at AppSec Village

Dwayne McDaniel

From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents

Ferdinand Boas

Dependency Confusion Attacks and Prevention: Register Your Private Package Names

Guest Expert

Hot Takes and Cool Strategies: BSides Las Vegas 2024

Dwayne McDaniel

The Secrets of the New York Times Source Code Breach

Mackenzie Jackson

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Guillaume Valadon

Always Be Updating: Why Regular Patching Is Non-Negotiable in DevSecOps

Guest Expert

Agile2024: Making Sure Security Is Part Of Our Processes

Dwayne McDaniel

Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Guest Expert

Securing Containers with Seccomp

C. J. May

Better Security and Performance For Free? Why PostgreSQL is Amazing

Guardians

Start your journey to secrets-free source code