We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
Discover how an overprovisioned SAS token exposed a massive 38TB trove of private data on GitHub for nearly three years. Learn about the misconfiguration, security risks, and mitigation strategies to protect your sensitive assets.
Explore CISA & NIST's recent cybersecurity publications. Get key insights into securing vital infrastructure in an ever-evolving threat landscape and how GitGuardian can help.
Discover how seemingly minor mistakes, like leaking a secret to a non-publicly accessible resource, can lead to a major breach. In this engaging scenario, see how an attacker would chain vulnerabilities to access highly sensitive areas, and learn a valuable lesson along the way.
Read the journey of GitGuardian Honeytoken, a tool that is changing the game in supply chain protection and threat detection. Explore its features, the motivation behind its creation, and what's next.
In today's digital landscape, the issue of compromised credentials has become a major concern. Discover how renowned companies like Microsoft, VMware, and Sourcegraph were recently confronted with the threats of secrets sprawling.
A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.
The figures are precise: stolen credentials remain the most common cause of a data breach. So how are there still thousands of hardcoded secrets hiding in source code, CI/CD pipelines, or Docker images, and, more importantly, how should we deal with them?
This tutorial helps you better understand AWS Secrets Manager, how it works under the hood and how to access it from Kubernetes clusters.
Discover insights from Sophos' 2023 Active Adversary Report. Credential leaks are now the leading way in for attackers and dwell times are getting shorter.
dev up 2023 was a gathering of industry professionals looking to Elevate their skills and security know-how. Read about the latest in tools, DevOps, security, and career growth.
Defend your digital assets in 2023 with modern strategies. From IaC scanning to secrets detection to honeytokens, strengthen your castle against evolving threats.
This tutorial provides an insightful introduction to GCP's Secret Manager and guides you in creating secrets and securing access to secrets within VMs and CI pipelines.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
