mcdwayneI am extremely proud to say that #GitGuardian has raised our Series C funding, validating everything we have been working for over the past few years and setting the stage for an exciting next few years of fighting secrets sprawl.
Stop what you are doing and watch this amazing talk from someone who I am proud to call a colleague from #GitGuardian.
The level of research Gaëtan does is inspiring
Race Against The Workflows: Stealing GitHub Tokens from Docker Images - Gaëtan Ferry
InfoSecSherpa#DevOps Days Philadelphia was held recently!
Over 2 days, the conference covered #AI in DevOps and governance, secrets and non-human identities, runtime security and observability, resilience over perfection, GitOps at scale, and alerting hygiene.
Read the #GitGuardian roundup here!
https://cybersec.gitguardian.com/s/devops-days-philadelphia-2025-security-as-a-control-loop-resilience-runtime-risks-and-how-ai-is-changing-it-23386
卡拉今天看了什麼The Nx "s1ngularity" Attack: Inside the Credential Leak
LinkNx 套件供應鏈攻擊揭露未來資安威脅趨勢與防護挑戰https://example.com/article/nx-supply-chain-attack-analysis
📌 Summary:
本篇文章深入分析了 Nx 套件發生的供應鏈攻擊案例,揭露攻擊者如何運用多重手法系統性竊取系統中包括 GitHub 令牌、npm 認證金鑰、SSH 私鑰、環境變數 API 金鑰及加密貨幣錢包等敏感憑證。攻擊流程涵蓋掃描常見檔案位置和環境變數,強調攻擊的全面性,並透過雙層 base64 編碼隱匿竊取資料,利用 GitHub 上命名規則為「s1ngularity-repository」的公開儲存庫作為資料外洩管道。攻擊者也植入破壞性負載,修改 shell 啟動檔執行系統關機,另嘗試透過大型語言模型(LLM)客戶端尋找並竊取憑證,因這些 AI CLI 工具通常具備較高權限並存取敏感開發環境。文章指出感染系統中 macOS 佔多數,反映蘋果平臺於開發者社羣的影響力。GitGuardian 對外發布免費工具 S1ngularity Scanner,協助用戶偵測是否受影響。值得注意的是,攻擊所竊取的憑證多半尚未被及時撤銷,反映開發者對於憑證洩漏反應不足。最後文章強調遭竊憑證僅刪除檔案不夠,必須妥善盤點、即時撤銷並自動化操作,纔能有效提升供應鏈攻擊下的整體企業防護能力。
🎯 Key Points:
→ 攻擊手法與目標:
★ 系統掃描包含 GitHub token、npm keys、SSH 金鑰與環境變數 API keys,著重憑證搜刮以助於側移動作。
★ 憑證資料以雙層 base64 編碼躲避偵測,並利用 GitHub 「s1ngularity-repository」儲存庫公開外洩。
★ 植入破壞性程式碼改寫 ~/.bashrc、~/.zshrc,造成新終端機啟動即崩潰。
★ 針對 LLM 工具如 Claude、Gemini、Q 等特定 AI CLI 客戶端蒐集憑證,因這些工具具高權限並關聯敏感環境。
→ 受影響環境與惡意檔案監控:
★ 約 85% 感染系統為 macOS,凸顯針對蘋果平臺開發生態系。
★ 33% 系統安裝有至少一套 LLM 工具,證實攻擊者的策略合乎當前 AI 開發趨勢。
★ 多數 LLM 客戶端對惡意指令不予配合,展現出意外的安全防護效果。
★ GitGuardian 監控發現超過 1,300 個相關公開儲存庫,儘管大多被 GitHub 迅速刪除,仍有超過千條有效且仍未撤銷的憑證洩露。
→ 防護與回應建議:
★ GitGuardian 推出免費工具 S1ngularity Scanner 及 HasMySecretLeaked 服務,方便用戶檢測憑證是否遭外洩。
★ 強調僅刪除暴露文件不夠,必須立刻撤銷憑證並實施全面盤點。
★ 企業必須建置自動化憑證管理及撤銷機制,以降低供應鏈攻擊後憑證被濫用的風險。
★ 供應鏈攻擊已威脅開發者生態系,對安全策略提出挑戰,未來軟體交付必須具備快速偵測、響應及控制能力。
🔖 Keywords:
#Nx套件攻擊 #供應鏈攻擊 #憑證竊取 #大型語言模型 LLM #GitGuardian
The Nx "s1ngularity" Attack: Inside the Credential Leak
On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller scope of exposure.
Thomas Fricke (he/his)"#DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (#DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security."
https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
KrebsOnSecurity RSSDOGE Denizen Marko Elez Leaked API Key for xAI
https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
#VicePresidentJ.D.Vance #TheWallStreetJournal #PhilippeCaturegli #TheWashingtonPost #ALittleSunshine #BusinessInsider #TheNewYorkTimes #TheComingStorm #PresidentTrump #DataBreaches #GitGuardian #Techcrunch #MarkoElez #Seralys #twitter #GitHub #DOGE #Grok #xAI #X
ITSEC NewsDOGE Denizen Marko Elez Leaked API Key for xAI - Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficie... https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/ #vicepresidentj.d.vance #thewallstreetjournal #philippecaturegli #thewashingtonpost #alittlesunshine #businessinsider #thenewyorktimes #thecomingstorm #presidenttrump #databreaches #gitguardian #techcrunch #markoelez #seralys #twitter #github #doge #grok #xai #x
michabbb#Security Alert: Massive #Laravel APP_KEY leak exposing 600+ apps to remote code execution 🚨 #GitGuardian & #Synacktiv research reveals 260,000 exposed keys on #GitHub with potential RCE via deserialization attacks #cybersecurity #php #opensource
https://blog.gitguardian.com/exploiting-public-app_key-leaks/
Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications
Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs - An employee at Elon Musk’s artificial intelligence company xAI leaked a private ke... https://krebsonsecurity.com/2025/05/xai-dev-leaks-api-key-for-private-spacex-tesla-llms/ #departmentofgovernmentefficiency #generalservicesadministration #philippecaturegli #thewashingtonpost #alittlesunshine #latestwarnings #thecomingstorm #carolewinqwist #ericfourrier #gitguardian #twitter/x #reuters #seralys #github #spacex #tesla #doge
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
https://krebsonsecurity.com/2025/05/xai-dev-leaks-api-key-for-private-spacex-tesla-llms/
#DepartmentofGovernmentEfficiency #GeneralServicesAdministration #PhilippeCaturegli #TheWashingtonPost #ALittleSunshine #LatestWarnings #TheComingStorm #CaroleWinqwist #EricFourrier #GitGuardian #Twitter/X #Reuters #Seralys #GitHub #SpaceX #Tesla #DOGE #Grok #GSAi #xAI