GitGuardian Report: 70% of Leaked Secrets Remain Active for Two Years, Urging Immediate Remediation

GitGuardian, the security leader behind GitHub’s most installed application, today released its comprehensive “2025 State of Secrets Sprawl Report,” revealing a widespread and persistent security crisis that threatens organizations of all sizes. “The explosion of leaked secrets represents one of the most significant yet underestimated threats in cybersecurity,” said Eric Fourrier, CEO of GitGuardian. “Leaked secrets in private code repositories must be treated as compromised,” he emphasized.

Most concerning for enterprise security leaders: 70% of secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day. A security leader at a Fortune 500 company acknowledged this challenge: “We aim to rotate secrets annually, but enforcement is difficult across our environment.”

With attackers increasingly targeting non-human identities (NHIs), such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. The platform is the world’s most installed GitHub application, supports more than 450 types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. “For CISOs and security leaders, the goal isn’t just detection; it’s the remediation of these vulnerabilities before they’re exploited,” said Eric Fourrier.

The report exposes a 25% increase in leaked secrets year-over-year, with 23.8 million new credentials detected on public GitHub in 2024 alone. Eric Fourrier points to the 2024 U.S. Treasury Department breach as a warning: “A single leaked API key from BeyondTrust allowed attackers to infiltrate government systems.” While GitHub’s Push Protection has reduced some leaks, it leaves significant gaps, particularly with generic secrets, private repositories, and collaboration tools.

Although GitHub’s Push Protection helps developers detect known secret patterns, generic secrets, including hardcoded passwords, database credentials, and custom authentication tokens, now represent more than half of all detected leaks.

GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom for robust secrets protection.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 13:25:06 +0000
