![Shai-Hulud 2.0 Exposes Over 33,000 Unique Secrets [Updated Nov, 27]](/content/images/size/w600/2025/11/shai-hulud--2--1.png)
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
I'm going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code.
Discover what generic secrets detection is really about, why it's a critical component to build a performant secrets detection engine, and how GitGuardian is tackling this problem.
Managed identities offer a paradigm shift from "what fo you have"to "who you are" authentication, providing automated, short-lived credentials that eliminate credential sprawl across multicloud environments.
On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller scope of exposure.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Learn how GitGuardian and Delinea solve the growing problem of improper offboarding for Non-Human Identities (NHIs). Discover why orphaned secrets are a top security risk and how to automate their lifecycle management.
Discover how GitGuardian's "Bring Your Own Source" initiative enables security teams to extend secrets detection beyond code repositories, leveraging custom integrations to eliminate a significant hidden attack surface.
Discover EKS Pod Identity Association—the modern, secure way to grant AWS permissions without the operational overhead of OIDC providers. No more duplicated IAM roles across clusters, no more trust policy updates every time you scale.
Dive into insights from BSides Las Vegas 2025: how identity hygiene, human ecosystems, structural resilience, and unpredictability define modern defenses.
Learn why deterministic security remains essential in an AI-driven world and how GitGuardian combines probability and proof for safe, auditable development.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
