Shai-Hulud 2.0: the supply chain attack that learned

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Ziad Ghalleb

13 Apr 2025 – 12 min read

all tags

Security Research

Breach explained

Shai-Hulud 2.0: the supply chain attack that learned

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.

OWASP Top 10 2025 Updates: Supply Chain, Secrets, And Misconfigurations Take Center Stage

Discover what’s changed in the OWASP 2025 Top 10 and how GitGuardian helps you mitigate risks like broken access control and software supply chain failures.

Workload And Agentic Identity at Scale: Insights From CyberArk's Workload Identity Day Zero

On the eve of KubeCon 2025, experts from companies like Uber, AWS, and Block shared how SPIRE and workload identity fabrics reduce risk in complex, cloud-native systems.

Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025

From secure service mesh rollouts to AI cluster hardening, see how KubeCon + CloudNativeCon NA 2025 redefined identity, trust, and governance in Kubernetes environments.

Dwayne McDaniel

20 Nov 2025 – 8 min read

API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

Secrets Management

Secrets detection

API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

In this blog, we will navigate through a few enterprise-proven methods to make API key more secure. Read on!

Queen City Con 0x3: Hacking And Embracing Resiliency

Queen City Con 2025 highlighted identity, cloud risk, and detection gaps. Learn why defaults and identity sprawl, not zero-days, are still the greatest security threat.

Q3 2025: NHI Security Gets More Real

Unified Non-Human Identity (NHI) security platform now features integrated Public Monitoring, one-click secret revocation for GitHub/GitLab/OpenAI, and enhanced graph intelligence. Close the attack window with automated remediation and expanded visibility.

Soujanya Ain

11 Nov 2025 – 6 min read

Conferences

BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Highlights from BSides Chicago 2025, where we explored cloud-native identity risks, from service principal abuse to Kubernetes misconfigs and control-plane compromise tactics.

Dwayne McDaniel

6 Nov 2025 – 7 min read

Conferences

Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025

Identity, classification, and cloud persistence risks took center stage at Techno Security West 2025. Learn what cybersecurity leaders are prioritizing now.

Dwayne McDaniel

4 Nov 2025 – 6 min read

Non-Human Identity

Working Towards Improved PAM: Widening The Scope And Taking Control

Learn how GitGuardian supports expanding privileged access management to include non-human identities and improve secrets management across your infrastructure and vaults.

Dwayne McDaniel

31 Oct 2025 – 5 min read

Secrets detection

The Hidden Cost of Secrets Sprawl

Manual secrets management costs organizations $172,000+ annually per 10 developers. Discover the hidden productivity drain, security risks, and how automation can recover at least 1.2 FTE worth of capacity.

Soujanya Ain

30 Oct 2025 – 7 min read

Conferences

LASCON XV: From AI Risk To Identity Security In AppSec

From ITDR to MCP, LASCON XV in Austin showed how AppSec must evolve to address identity threats, AI challenges, and the complexity of modern production systems.

Dwayne McDaniel

29 Oct 2025 – 6 min read

Shai-Hulud 2.0: the supply chain attack that learned

Guillaume Valadon

MOST POPULAR

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

Gaetan Ferry

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Guillaume Valadon

Investigating, prioritizing, and remediating thousands of hardcoded secrets incidents

Ziad Ghalleb

Shai-Hulud 2.0: the supply chain attack that learned

Guillaume Valadon

OWASP Top 10 2025 Updates: Supply Chain, Secrets, And Misconfigurations Take Center Stage

Dwayne McDaniel

Workload And Agentic Identity at Scale: Insights From CyberArk's Workload Identity Day Zero

Dwayne McDaniel

Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025

Dwayne McDaniel

API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

Tiexin Guo

Queen City Con 0x3: Hacking And Embracing Resiliency

Dwayne McDaniel

Q3 2025: NHI Security Gets More Real

Soujanya Ain

BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Dwayne McDaniel

Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025

Dwayne McDaniel

Working Towards Improved PAM: Widening The Scope And Taking Control

Dwayne McDaniel

The Hidden Cost of Secrets Sprawl

Soujanya Ain

LASCON XV: From AI Risk To Identity Security In AppSec

Dwayne McDaniel

Start your journey to secrets-free source code

Shai-Hulud 2.0: the supply chain attack that learned

Guillaume Valadon

MOST POPULAR

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

Gaetan Ferry

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

EDITOR’S PICK

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Guillaume Valadon

Investigating, prioritizing, and remediating thousands of hardcoded secrets incidents

Ziad Ghalleb

Shai-Hulud 2.0: the supply chain attack that learned

Guillaume Valadon

OWASP Top 10 2025 Updates: Supply Chain, Secrets, And Misconfigurations Take Center Stage

Dwayne McDaniel

Workload And Agentic Identity at Scale: Insights From CyberArk's Workload Identity Day Zero

Dwayne McDaniel

Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025

Dwayne McDaniel

API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

Tiexin Guo

Queen City Con 0x3: Hacking And Embracing Resiliency

Dwayne McDaniel

Q3 2025: NHI Security Gets More Real

Soujanya Ain

BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Dwayne McDaniel

Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025

Dwayne McDaniel

Working Towards Improved PAM: Widening The Scope And Taking Control

Dwayne McDaniel

The Hidden Cost of Secrets Sprawl

Soujanya Ain

LASCON XV: From AI Risk To Identity Security In AppSec

Dwayne McDaniel

Start your journey to secrets-free source code

Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025