Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The case against secrets in .env files

Sep 29, 2025 By Snyk In Snyk
Most developers rely on.env files to store secrets like API keys, database passwords, and tokens. But what if I told you this common practice can leave you wide open to attacks? In this video, I break down why storing secrets in a.env file is dangerous, how attackers can exploit it, and what safer alternatives you should be using instead.
View Video
gitguardian

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Sep 17, 2025 By Soujanya Ain In GitGuardian
Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.
Read Post
gitguardian

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Sep 3, 2025 By Guillaume Valadon In GitGuardian
The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.
Read Post
foresiet

Secrets Sprawl and Credential Abuse: 2025's Hidden Enterprise Threat

Aug 29, 2025 By Foresiet In Foresiet
In 2025, cybersecurity is no longer defined by firewalls or VPN barriers—it hinges on identity. Enterprises face a growing hazard from secrets sprawl and credential abuse. With API keys, tokens, and passwords scattered across repos, containers, and dev chat channels, attackers exploit these gaps with alarming precision. This isn’t just an IT headache—it’s a boardroom crisis that demands strategic action.
Read Post
cyberark

Bridging runtime visibility and secrets management in Kubernetes with Sweet Security and CyberArk

Aug 14, 2025 By Niels van Bennekom In CyberArk
Secrets management is a foundational pillar of cloud security. It enables secure storage, rotation, and access control for application secrets. But in Kubernetes environments, secrets don’t just live in vaults; they move, execute, and often proliferate across clusters and containers. Without visibility into how secrets are used at runtime, organizations risk exposing sensitive data without realizing it.
Read Post
cyberint

The Alarming Surge in Leaked Credentials: Protecting Your Business in 2025

Jul 30, 2025 By Gemma Goldstein In Cyberint
One of the most pressing cyber threats businesses face today is the rampant rise in leaked credentials. Data from Cyberint, a Check Point company, reveals a staggering 160% increase in leaked credentials so far in 2025 compared to 2024. This isn’t just a statistic; it’s a direct threat to your organization’s security.
Read Post
syteca

Secrets Management: Definition, Challenges, and 7 Best Practices

Jul 30, 2025 By Ekran In Syteca
A single leaked password can lead to devastating breaches. Thus, it’s important to understand that managing your organization’s secrets is not just an IT concern — it’s a business-critical security practice. From your customers’ data to the organization’s financial information, your secrets hold the keys to the most vital areas within your infrastructure. If they are not protected, neither is your sensitive data.
Read Post
GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows

GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows

Jul 15, 2025 By GitGuardian In GitGuardian
GitGuardian, the leader in automated secrets detection and remediation, today announced the launch of its Model Context Protocol (MCP) Server, a powerful new infrastructure designed to bring AI-assisted secrets security directly into developer environments. As intelligent agents begin to reshape the software development landscape, GitGuardian's MCP server marks a pivotal shift in aligning security practices with an environment where code is shipped faster than ever.
Read Post

From Chaos to Control: How ML-Driven Prioritization Solves Secrets Leaks

Jun 27, 2025 By GitGuardian In GitGuardian
Security teams are still drowning in alerts. Solution? Leverage machine learning to prioritize your secrets risks! Discover how we use proprietary models that analyze the context in which your incidents occur, score their severity level, and generate clear explanations and guidelines that empower your team to focus on what matters most.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.