What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.

Guillaume Valadon

31 Dec 2024 – 3 min read

Guillaume Valadon

31 Dec 2024 – 3 min read

How to Handle Secrets in Helm

Tiexin Guo

29 Aug 2024 – 16 min read

EDITOR’S PICK

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

Dwayne McDaniel

18 Dec 2024 – 9 min read

Introducing The Next Step in GitGuardian’s NHI Security Approach

Soujanya Ain

10 Dec 2024 – 7 min read

all tags

Conferences

DevOpsDays Birmingham AL 2024: Guardrails, Immutable Infrastructures, and Community

Explore highlights from DevOpsDays Birmingham 2024, featuring workshops, sessions, and community-driven discussions on empowering teams and doing it securely.

Dwayne McDaniel

2 Sep 2024 – 6 min read

How to Handle Secrets in Helm

Learn step-by-step techniques and best practices to handle secrets in Helm charts safely and effectively. Level up your Helm deployments today!

Tiexin Guo

29 Aug 2024 – 16 min read

Product News

Elevating your secrets security hygiene: H1 roundup of our product innovations

Discover how GitGuardian's latest product innovations enhance your secrets security, streamline remediation, and improve incident management for better protection of your software supply chain.

Soujanya Ain

29 Aug 2024 – 8 min read

Conferences

Drupal GovCon 2024: Securing The Government's Open-Source Web Applications

Read our key takeaways from Drupal GovCon 2024, where Drupal experts explored secure open-source solutions for U.S. government websites and collaborative tools.

Dwayne McDaniel

27 Aug 2024 – 6 min read

Tutorials

Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication

SPIFFE stands for Secure Production Identity Framework for Everyone, and aims to replace single-factor access credentials with a highly scalable identity solution. This blog post provides some practical applications of SPIFFE in real-world environments.

Guest Expert

26 Aug 2024 – 4 min read

Conferences

DEF CON 32: What We Learned About Secrets Security at AppSec Village

At DEF CON 32's AppSec Village, we explored secrets security challenges, answered common questions, and shared how to detect and handle hidden credentials effectively.

Dwayne McDaniel

22 Aug 2024 – 8 min read

Best practices

From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents

Ignoring low-risk secrets in GitGuardian? This could be a costly mistake. Learn how to avoid the hidden dangers of prematurely closing incidents.

Ferdinand Boas

20 Aug 2024 – 6 min read

Supply Chain Security

Dependency Confusion Attacks and Prevention: Register Your Private Package Names

Dependency confusion attacks exploit gaps in your software supply chain. Dive into modern dependency management and learn how to defend your systems with best practices.

Guest Expert

15 Aug 2024 – 3 min read

Conferences

Hot Takes and Cool Strategies: BSides Las Vegas 2024

Experience the heat of innovation at BSides Las Vegas 2024, where cybersecurity experts tackle AI security, passwordless solutions, and zero-downtime credential rotation.

Dwayne McDaniel

13 Aug 2024 – 6 min read

How GitGuardian Helps With PCI DSS 4.0's Password Requirements

If you need to reach PCI DSS 4.0 compliance, GitGuardian has solutions that can help.

Greg Bulmash

12 Aug 2024 – 3 min read

Breach explained

The Secrets of the New York Times Source Code Breach

The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times going forward is. (Spoiler we found thousands of secrets).

Mackenzie Jackson

2 Aug 2024 – 7 min read

Security Research

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Some explanations about the hidden danger of GitHub features that allow anyone to access commits you thought had been deleted.

Guillaume Valadon

1 Aug 2024 – 2 min read

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

Guillaume Valadon

MOST POPULAR

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

Guillaume Valadon

How to Handle Secrets in Helm

Tiexin Guo

EDITOR’S PICK

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

Dwayne McDaniel

Introducing The Next Step in GitGuardian’s NHI Security Approach

Soujanya Ain

DevOpsDays Birmingham AL 2024: Guardrails, Immutable Infrastructures, and Community

Dwayne McDaniel

How to Handle Secrets in Helm

Tiexin Guo

Elevating your secrets security hygiene: H1 roundup of our product innovations

Soujanya Ain

Drupal GovCon 2024: Securing The Government's Open-Source Web Applications

Dwayne McDaniel

Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication

Guest Expert

DEF CON 32: What We Learned About Secrets Security at AppSec Village

Dwayne McDaniel

From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents

Ferdinand Boas

Dependency Confusion Attacks and Prevention: Register Your Private Package Names

Guest Expert

Hot Takes and Cool Strategies: BSides Las Vegas 2024

Dwayne McDaniel

How GitGuardian Helps With PCI DSS 4.0's Password Requirements

Greg Bulmash

The Secrets of the New York Times Source Code Breach

Mackenzie Jackson

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Guillaume Valadon

Start your journey to secrets-free source code