Breach explained

xAI Secret Leak: The Story of a Disclosure

xAI Secret Leak: The Story of a Disclosure

| | Best Practices, Breach explained, Secrets detection
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure ...
GitGuardian Blog - Take Control of Your Secrets Security
Compromised tj-actions/changed-files GitHub Action: A look at publicly leaked secrets

Compromised tj-actions/changed-files GitHub Action: A look at publicly leaked secrets

| | Breach explained
On March 14, 2025, the popular GitHub action tj-actions/changed-files was compromised, exposing secrets in CI logs. GitGuardian's analysis identified leaked secrets like GitHub tokens, AWS keys, and more ...
GitGuardian Blog - Take Control of Your Secrets Security
What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

| | Breach explained
The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to ...
GitGuardian Blog - Take Control of Your Secrets Security
The Secrets of the New York Times Source Code Breach

The Secrets of the New York Times Source Code Breach

| | Breach explained, Secrets detection
The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times ...
GitGuardian Blog - Code Security for the DevOps generation
Demystifying Github Cached Views - The Hidden Danger

Demystifying Github Cached Views – The Hidden Danger

| | Breach explained, Secrets detection
Some explanations about the hidden danger of GitHub features that allow anyone to access commits you thought had been deleted ...
GitGuardian Blog - Code Security for the DevOps generation
Early Lessons from the Sisense Breach

Early Lessons from the Sisense Breach

| | Breach explained
Business intelligence company Sisense has seen secrets compromised in its GitLab repositories, leading to a siphoning of its customers' sensitive data ...
GitGuardian Blog - Code Security for the DevOps generation
Early Lessons from the Sisense Breach

Early Lessons from the Sisense Breach

| | Breach explained
Business intelligence company Sisense has seen secrets compromised in its GitLab repositories, leading to a siphoning of its customers' sensitive data ...
GitGuardian Blog - Code Security for the DevOps generation
The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

| | Breach explained, supply chain security
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to ...
GitGuardian Blog - Code Security for the DevOps generation
The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

| | Breach explained, supply chain security
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to ...
GitGuardian Blog - Code Security for the DevOps generation
Misconfigurations in Google Firebase lead to over 19.8 million leaked secrets

Misconfigurations in Google Firebase lead to over 19.8 million leaked secrets

| | Breach explained
Read our summary of research that found millions of records that exposed user passwords due to misconfigured or missing security settings ...
GitGuardian Blog - Automated Secrets Detection
Load more