惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Know Your Adversary
Know Your Adversary
S
Securelist
I
Intezer
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
P
Privacy International News Feed
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
N
News and Events Feed by Topic
The GitHub Blog
The GitHub Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Schneier on Security
Schneier on Security
N
Netflix TechBlog - Medium
爱范儿
爱范儿
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
WordPress大学
WordPress大学
S
Secure Thoughts
K
Kaspersky official blog
N
News | PayPal Newsroom
O
OpenAI News
Last Week in AI
Last Week in AI
C
Check Point Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tor Project blog
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
Martin Fowler
Martin Fowler
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog

Hackread – Cybersecurity News, Data Breaches, AI and More

Suspected Cyberattack Sends Fake Emergency Alert to Phones Across Brazil Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords Best Crypto Payment Solutions for E-Commerce Businesses Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity LastPass Confirms Customer Data Breach After Klue OAuth Token Theft ‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027 2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users Texas Parks and Wildlife Data Breach Affects Over 3M License Customers Threat Hunting Beyond Alerts: Finding the Activity Detection Misses Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data MDR Provider Comparison: Time to Discover and Respond to Threats Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections Nintendo America Employee Data Exposed After Shadowbyt3$ Targets TinyPulse eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks FIFA World Cup 2026: Hackers Target Football Fans With Fake Tickets Sites MacBook Neo vs Windows Laptops for Cybersecurity Tasks Operation Endgame Disrupts SocGholish Malware Infrastructure What Businesses Should Know Before Migrating Their CMS DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents FortiBleed Attack Exposes Fortinet Firewall Credentials in 194 Countries SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Fake Search Clicks Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat 15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys Amos Stealer Targets macOS Keychain Files and Browser Passwords Aembit Extends IAM for Agentic AI to Microsoft Copilot Studio AppViewX Launches Agent Identity Security to Govern Agents for the AI and Quantum Era New Rokarolla Android Trojan Found Targeting 217 Crypto and Banking Apps Best of Android Fax Apps: Top 5 Secure Picks for 2026 Feds Seize CFAKE and SOCFAKE Over Explicit Deepfakes of Famous Women Handala Hacking Group Claims Breach of California Water Service Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores Hackers Hide New Argamal Malware Inside Working Hentai Games Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack The SpaceX Pre-IPO Market: How Crypto Rails Are Opening Synthetic Access Feds Seize AudiA6 and Dark2Web in $389M Crypto Laundering Case ShinyHunters Leak 40GB of University of Nottingham Student Data Authorities Dismantle Decade-Old SniperDZ Phishing Network Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware The Hidden Security Risks of Poor Software Testing FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders How to Turn Images into Animated Videos with AI: A Wondershare Filmora Guide Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer ServiceNow Discloses Security Incident Exposing Customer Data Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap Microsoft June 2026 Patch Tuesday Fixes 206 Flaws and 3 Zero-Days Network Log Analysis: Why Collecting Logs is Not Enough WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account Atlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil Why eSIMs Are Replacing Traditional SIM Cards Lazarus Group Uses npm Brandjacking Campaign to Target Developers Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff How to Recover Data from iCloud Backup Without Resetting Your iPhone China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions Halo Security Honored with 2026 MSP Today Product of the Year Award Why Encrypted File Sharing Is Essential for Modern Businesses What One Predator Case Can Reveal About an Online Platform’s Safety Gaps RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users How to Get a Reddit API Key in 2026: Step-by-Step Guide Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts How to Get the Most From Your Explainer Video Production Services Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives 27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users The Deliverability Problem: How New Platforms Are Solving Inbox Placement The CISO Whisperer's Watch List For The Gartner Security & Risk Management Summit 2026 Can Big Data Predict Market Movements Accurately? Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts? Link11 is fully committed to Europe and is opening a Customer Excellence Hub in Lisbon Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack Netherlands Busts Bulletproof Hosting Network Linked to Disinfo and Cybercrime
Developer laptops are the credential store attackers are picking through in 2026, GitGuardian announces Endpoint Protection
CyberNewswire · 2026-06-16 · via Hackread – Cybersecurity News, Data Breaches, AI and More

New York, New York, June 16th, 2026, CyberNewswire

GitGuardian is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations.

After 12 months of supply-chain campaigns harvesting credentials from developer machines, CISOs and IT leaders are reopening a question many considered settled: what does endpoint protection have to cover today, and who owns it?

Across software supply chain incidents and SaaS compromises over the past 12 months, the pattern is the same every time: attackers land on a developer or privileged endpoint, harvest valid credentials sitting in plaintext, and use those credentials to move laterally into production code, cloud control planes, and SaaS apps. The developer endpoint is back at the center of the breach story. The threat model is the part that’s moved.

Attackers have stopped hunting for zero-days when developer endpoints and CI pipelines already hand them the credentials they need. The self-replicating Mini Shai-Hulud worm has compromised more than 300 npm and PyPI packages. The Bitwarden CLI compromise, the Trivy → LiteLLM campaign, and the April 2026 Vercel exposure followed the same pattern: credentials cached on developer or CI endpoints, harvested at scale.

A new exposure class is making the problem worse. Coding agents and MCP servers, now standard on developer and employee machines, generate credentials that persist after a session, pull secrets from password managers and vaults, and routinely leave copies in log files, shell history, and IDE caches. Most organizations deploying these tools have no inventory of what they create or leave behind, and existing security tools are not instrumented to find it.

“Attackers have figured out that secrets at rest on endpoints, especially for non-human identities (NHIs) and API keys, are just as valuable as stolen credentials in Active Directory,” said Ken Buckler, Information Security Research Director at Enterprise Management Associates (EMA). “EDR focuses on malicious processes; identity programs only see secrets after they’re used – so the endpoint becomes the gap. The organizations winning this fight are the ones treating endpoint secrets discovery as a first-class security problem, not bolting it onto EDR as an afterthought.”

The Three Moves Defenders Are Making

Incident responders converge on three moves. First, treat every developer and privileged endpoint as a credential store and inventory them as such. Second, prioritize credentials by what they grant access to, not by where they were found. Third, shorten the lifetime of anything that cannot be removed. Defenders who can answer “what was on this machine on this date” recover faster from a supply-chain hit.

A Credentials-First Approach to the Endpoint

GitGuardian today introduced Developer Endpoint Protection, extending its secrets detection, honeytoken, and non-human identity (NHI) coverage to developer and privileged workstations. Unlike endpoint tools focused on malicious binaries or package provenance, Endpoint Protection is built around the credentials themselves and the AI tooling that increasingly generates them. Each secret found on a machine maps back to the production systems it unlocks and to every other place the same credential lives. Each coding agent and MCP server discovered on the endpoint is inventoried alongside it, so unsanctioned or malicious MCPs surface before they exfiltrate credentials, not after. 

It is built for organizations that lack a machine-by-machine view of credentials. Endpoint Protection runs as a scheduled scan deployed through existing MDM tooling, completing in roughly a minute on most developer machines.

How Endpoint Protection helps

Endpoint Protection closes three gaps that existing security stacks leave wide open:

Remediation at the source: redacts secrets from shell and command history, migrates active credentials into vaults and local secrets managers, and prevents coding AI agents from spreading secrets across the machine through GitGuardian agent hooks.

Blast-radius containment: continuously hunts plaintext credentials across every endpoint, scores each by severity and access scope, and pushes high-risk findings straight into the SOC, SIEM, and SOAR, ready to act on the moment a breach lands.

Live attack detection: honeytokens fire the moment an infostealer steals a credential and auto-validate it from the laptop, giving security teams attribution-rich alerts in real time, not low-confidence signals after the fact.

“Over the past few months, barely a week has gone by without a major breach involving credentials stolen from a laptop,” said Eric Fourrier, CEO and co-founder of GitGuardian. Our beta program data shows an average of 150 secrets on developer laptops, with some even ranging into the thousands. Among these secrets, private keys account for 38% of unique secrets, while cloud, identity provider, and secret management credentials like AWS IAM and Hashicorp Vault add another 22%. And the most interesting point is that 40% of secrets are found in AI directories/logs, demonstrating the impact of AI adoption. The partition between code-resident and endpoint-resident credentials no longer exists for attackers, and it cannot exist for defenders.”

Additional resources

Endpoint Protection – Product details

GitGuardian – Website

About GitGuardian 

GitGuardian helps organizations protect exposed credentials and guard non-human identities across code, cloud, and developer environments. It detects secret leaks, monitors public exposure, and helps teams remediate risks at enterprise scale.

Widely adopted by developer communities, GitGuardian is the #1 security application on GitHub Marketplace and is used by over 500 thousand developers and leading companies, including Snowflake, Orange, ING, BASF, Maven Wave, Euronext and Bouygues Telecom. To learn more about GitGuardian, users can visit https://www.gitguardian.com.

Contact

Media Contact
Holly Hagerman
GitGuardian
[email protected]
+18013737888