![Shai-Hulud 2.0 Exposes Over 33,000 Unique Secrets [Updated Nov, 27]](/content/images/size/w600/2025/11/shai-hulud--2--1.png)
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
From ITDR to MCP, LASCON XV in Austin showed how AppSec must evolve to address identity threats, AI challenges, and the complexity of modern production systems.
Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots.
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.
Ever accidentally pasted an API key into a web form? Chromegg is our new Chrome extension that scans form fields in real-time, alerting you BEFORE you submit secrets. Open-source & ready to use!
Why agents break the old model and require rethinking traditional OAuth patterns.
CornCon 11 emphasized security basics, real-world risk alignment, and sustainable practices to help teams build resilient programs in today’s complex threat landscape.
SRE Day SF shows why dashboards alone do not defend anything. Explore paths to better telemetry, progressive delivery, and resilience that customers can feel.
The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.
In this blog, we will explore Terraform secrets management best practices, ephemeral resources, and some examples of securely orchestrating AWS infrastructure with AWS Secrets Manager.
DevOpsDays Philadelphia 2025 showed how AI governance, secrets security, runtime traces, and ablative resilience work together to reduce operational risk.
This breach exposed 570GB of data from 28,000 repositories, affecting 800+ organizations. Crimson Collective leaked Customer Engagement Reports containing credentials, API keys, and infrastructure details from major enterprises.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
