How Cybercriminal Organizations Weaponize Exposed Secrets

The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.

Guillaume Valadon

10 Oct 2025 – 3 min read

Gaetan Ferry

5 Sep 2025 – 9 min read

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

27 Mar 2025 – 8 min read

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Guillaume Valadon

3 Sep 2025 – 4 min read

The State of Secrets Sprawl 2025

Soujanya Ain

11 Mar 2025 – 3 min read

all tags

Taking the Long View: GitGuardian's Approach to Market Relevance in Cyber

My perspective on how GitGuardian approaches the cybersecurity market with a focus on the long game.

Eric Fourrier

3 Apr 2024 – 2 min read

The Open-Source Backdoor That Almost Compromised SSH

Supply Chain Security

Breach explained

The Open-Source Backdoor That Almost Compromised SSH

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.

Carole Winqwist

2 Apr 2024 – 3 min read

Conferences

Atlanta Cloud Conference 2024: Responsible AI Use And Securing Cloud Deployments

Dive into our recap of AtlCloudCon, a community-led, developer-focused event offering practical insights for responsibly harnessing AI and securing cloud infrastructure.

Dwayne McDaniel

1 Apr 2024 – 6 min read

Is your roadmap prioritizing memory safe programming languages?

Cybersecurity agencies from five different national governments put out a plea in December for developers to use memory-safe programming languages. Are you ready?

Greg Bulmash

29 Mar 2024 – 3 min read

DevSecOps

Vulnerability Management

Vulnerability Management Lifecycle in DevSecOps

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.

Guest Expert

27 Mar 2024 – 12 min read

Conferences

SCaLE 21x: A Community Event About Much More Than Linux

Read our highlights from SCaLE 21x, where the community focused on all things open source, not just Linux, with over 270 sessions on DevOps, cloud tech, and security.

Dwayne McDaniel

25 Mar 2024 – 10 min read

Best practices

I asked 40 security experts to share their best advice, it didn't disappoint.

This post explores the best security advice we have received over the past almost 2 years from various different security professionals.

Mackenzie Jackson

22 Mar 2024 – 6 min read

How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide

Honeytokens

Best practices

How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide

Learn how to effectively respond to an AWS key honeytoken trigger with this step-by-step guide. Investigate the incident, identify the leak source, secure your environment, and leverage OSINT techniques to protect your AWS infrastructure.

Guest Expert

21 Mar 2024 – 6 min read

Breach explained

Misconfigurations in Google Firebase lead to over 19.8 million leaked secrets

Read our summary of research that found millions of records that exposed user passwords due to misconfigured or missing security settings.

Dwayne McDaniel

20 Mar 2024 – 3 min read

Security Zines

SOPS [Security Zines]

Enjoy the power of SOPS to secure your secrets with this new zine!

Carole Winqwist

18 Mar 2024 – 2 min read

Conferences

SnowFROC 2024: Securing The Future With OWASP Community In Denver

OWASP's annual Denver conference brought together thought leaders to talk about security, dependency management, and how AI is complicating our lives.

Dwayne McDaniel

15 Mar 2024 – 6 min read

Supply Chain Security

Three Mechanisms to Protect Your Git Repositories

...despite all intentions to follow best practices, they don't. When you automate enforcement of best practices, you can ensure those practices are followed...

Greg Bulmash

14 Mar 2024 – 4 min read

How Cybercriminal Organizations Weaponize Exposed Secrets

Guillaume Valadon

MOST POPULAR

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

Gaetan Ferry

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Guillaume Valadon

The State of Secrets Sprawl 2025

Soujanya Ain

Taking the Long View: GitGuardian's Approach to Market Relevance in Cyber

Eric Fourrier

The Open-Source Backdoor That Almost Compromised SSH

Carole Winqwist

Atlanta Cloud Conference 2024: Responsible AI Use And Securing Cloud Deployments

Dwayne McDaniel

Is your roadmap prioritizing memory safe programming languages?

Greg Bulmash

Vulnerability Management Lifecycle in DevSecOps

Guest Expert

SCaLE 21x: A Community Event About Much More Than Linux

Dwayne McDaniel

I asked 40 security experts to share their best advice, it didn't disappoint.

Mackenzie Jackson

How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide

Guest Expert

Misconfigurations in Google Firebase lead to over 19.8 million leaked secrets

Dwayne McDaniel

SOPS [Security Zines]

Carole Winqwist

SnowFROC 2024: Securing The Future With OWASP Community In Denver

Dwayne McDaniel

Three Mechanisms to Protect Your Git Repositories

Greg Bulmash

Start your journey to secrets-free source code