New GitHub Zero-Day Exposed Developer Tokens to Attackers
A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar...
The post A Mini Shai-Hulud Targeting the SAP Ecosystem appeared first on GitGuardian Blog – Take Control of Your Secrets...
The post The Bot Left a Fingerprint: Detecting and Attributing LLM-Generated Passwords appeared first on GitGuardian Blog – Take Control...
The post Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too appeared first on GitGuardian Blog – Take Control...
Supply chain attacks every other morning
Unless you’ve lived under a rock for the last few months, you probably noticed...
A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...
This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs),...
Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two...
Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...
In less than a year, AI-assisted coding went from novelty to habit. What used to be a specialized workflow...
This post is a companion piece to our presentation at Real World Crypto (RWC) 2026 in Taipei, Taiwan on...
Moltbot (formerly known as Clawdbot) is an open-source, self-hosted AI agent that operates directly on your local machine. It acts...