all tags
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.

The Nx "s1ngularity" Attack: Inside the Credential Leak

The Nx "s1ngularity" Attack: Inside the Credential Leak

On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller scope of exposure.

How GitGuardian and Delinea Solve Improper Offboarding of NHIs at Scale

How GitGuardian and Delinea Solve Improper Offboarding of NHIs at Scale

Learn how GitGuardian and Delinea solve the growing problem of improper offboarding for Non-Human Identities (NHIs). Discover why orphaned secrets are a top security risk and how to automate their lifecycle management.

How to Securely Access AWS from your EKS Cluster

How to Securely Access AWS from your EKS Cluster

Discover EKS Pod Identity Association—the modern, secure way to grant AWS permissions without the operational overhead of OIDC providers. No more duplicated IAM roles across clusters, no more trust policy updates every time you scale.

Start your journey to secrets-free source code

And keep your secrets out of sight