![Shai-Hulud 2.0 Exposes Over 33,000 Unique Secrets [Updated Nov, 27]](/content/images/size/w600/2025/11/shai-hulud--2--1.png)
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
In episode 2 of the Red Team Chronicles, we talk with Philippe about the one size fits all security claims some vendors make and how hackers use this to get into systems undetected.
Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.
The Red Team Chronicles follows pentester and entrepreneur Philippe as we look into his hacking playbook. In episode one, we look at how Philippe started his journey to become a pentester.
Mirantis helps organizations ship code faster on public and private clouds. Director of IT Yury Koldobanov at Mirantis explains how GitGuardian helps them keep their code secure.
This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.
While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
The modern day bank heists illustrates high-level concepts around security and promotes a change in how we think about security, build defense systems and react to active threats.
Presentation of the talk at the RSA conference by Johannes Ullrich and Jason Lam: Attack & Defend: Protecting Modern Distributed Applications and Components.
GitGuardians “Dev in the loop” is another step towards bringing this into reality with a practical feature that improves the workflow of remediating a secret incident between developers and security teams.
This article introduces DevSecOps, making security part of the entire software development process. It outlines why having a DevSecops approach not only makes the software more secure but also why it can speed up the development process.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
