Please turn JavaScript on
Homepage
TrendingMy newsFind FeedsDelivery settingsPlansMy earnings
HelpBlog
Log in
Find more feeds

GitGuardian Blog - Take Control of Your Secrets Security

Following GitGuardian Blog - Take Control of Your Secrets Security's news feed is very easy. Subscribe using the "follow" button on the top right and if you want to, choose the updates by topic or tag.

We will deliver them to your inbox, your phone, or you can use follow.it like your own online RSS reader. You can unsubscribe whenever you want with one click.

Keep up to date with GitGuardian Blog - Take Control of Your Secrets Security!

GitGuardian Blog - Take Control of Your Secrets Security: GitGuardian Blog - NHI Governance & Secrets Security

Is this your feed? Claim it!

Publisher:  Unclaimed!
Message frequency:  0.4 / day

Message History

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and more from developer machines, where secrets live, breathe, and often remain unmonitored.

"Litellm is downloaded


Read full story
BSides SF 2026: Looking At Security Beyond The Next Big Bet

San Francisco has always had a talent for turning risk into infrastructure, such as when Charles Fey invented the slot machine there during the Gold Rush. Today, we have another nondeterministic device for fortune seekers willing to pull a lever...


Read full story
Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most

💡On March 24, the campaign moved to Pypi. The Litellm packages in versions 1.82.7 and 1.82.8 have been poisoned with the same infostealer malware as the one used in the original campaign, and later on NPM.

A new exfiltration endpoint is used: https://models.litellm[.]cloud/
Other IoCs stay the same.

The Trivy story is moving quickly, and the latest re...


Read full story
Honeytokens on the Developer Workstation: When Cleanup Takes Time

Supply chain security has moved closer to the humans with hands on the keyboard.

For years, security teams have treated production systems, CI/CD pipelines, and identity infrastructure as the most sensitive parts of the software lifecycle. That is not wrong, but it is incomplete. The developer workstation belongs in that same conversation because it sits at the intersec...


Read full story
Chainguard Assemble 2026 and the Security Factory Mindset

New York knows how to turn rough ground into something human-friendly. For example, the Liz Christy Garden began in 1973 as the city’s first community garden, carved out of an overgrown vacant lot on the Lower East Side. They went from a wild and chaotic space to...


Read full story