Security Research

Fresh From The Docks: Uncovering 100,000 Valid Secrets in DockerHub
This post details the methodology used to scan 15 million Docker images, uncovering a staggering 100,000 valid secrets, including AWS, GCP, and GitHub tokens belonging to Fortune 500 companies. This emphasizes the ...

A Look Into the Secrets of MCP: The New Secret Leak Source
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP ...

A Peek on Cloud Security: JSSI 2025
At JSSI 2025, French IT security experts discussed the cloud's impact on security. Presentations covered strategy and technical analysis. GitGuardian’s researchers shared insights on detecting secrets in the cloud and responsibly disclosing ...

Bypassing picklescan: Sonatype discovers four vulnerabilities
Sonatype has discovered and disclosed four vulnerabilities in picklescan, a tool designed to help developers scan Python pickle files for malicious content. Pickle files, used for serializing and deserializing Python AI/ML models, ...

Security First, Transparency Always: Inside GitGuardian’s Responsible Disclosure Process
In the past 6 months, our security research team disclosed 24 critical vulnerabilities. Most have been successfully remediated. Our team's contributions to cybersecurity have been formally recognized, with our researchers being listed ...

The Secret to Your Artifactory: Inside The Attacker Kill-Chain
Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation ...

2024 Firefox Vulnerabilities: Managing Security Risks
The preferred browser of more than 3% of all internet users, Mozilla Firefox is well-regarded for its perceived ability to deliver a secure and privacy-focused web experience. However, that same widespread usage ...

Common Vulnerabilities and Exposures: December 2024 Roundup
Strengthen your defenses by learning how to mitigate common vulnerabilities before they become breaches. The National Institute of Standards and Technology (NIST) issued several critical warnings regarding common vulnerabilities and exposures (CVEs) ...

CVSS Base Score vs Temporal Score: What You Need to Know
CVSS base scores and temporal scores are not the same. Understanding the distinctions between them is critical for any cybersecurity pro. In the fast-paced and high-stakes world of cybersecurity, there are often ...

CVE-2024-49138 – Windows Security Vulnerability – December 2024
A critical vulnerability (CVE-2024-49138) in Microsoft Windows exposes systems to privilege escalation attacks. Affected Platform: CVE-2024-49138 impacts Microsoft Windows systems. This includes both workstation and server environments running supported Windows versions. The ...