DjangoCon US 2025: Security, Simplicity, and Community
At DjangoCon US 2025, speakers emphasized seasoned tech over hype, featuring secure GitOps workflows, simpler frontend alternatives, and sustainable open-source models.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Working With GitGuardian Playbooks To Automate Your Workflows
In this video, we'll cover GitGuardian Playbooks and how to manage them in your workspace. We know that time is critical when a secrets incident occurs. That's why our platform allows you to quickly and easily automate steps of the incident response process. We call these automations "Playbooks".
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years.
BlueTeamCon 2025: Finding new approaches to security that don't let perfect stand in the way of better
BlueTeamCon 2025 showed why progress beats perfection in cybersecurity. Explore highlights on visibility, AI safety, collaboration, identity, and pragmatic defense.
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.
The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets
GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.
Why the Principle of Least Privilege Is Critical for Non-Human Identities
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce
The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.
Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension
I'm going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code.
Beyond Secrets: How Managed Identities Are Transforming Multicloud Security
Managed identities offer a paradigm shift from "what fo you have"to "who you are" authentication, providing automated, short-lived credentials that eliminate credential sprawl across multicloud environments.