⚠️ Supply chain attacks keep stacking up: Salesforce, S1ngularity/NX & more.

⚒️ The same tools attackers use to find secrets are the ones defenders need too.

🐷 That’s why threat intel groups recommend TruffleHog.
🔗 Learn why it shows up in your logs: trufflesecurity.com/blog/truffle...

7 months ago

🔐 8,437 #GCP images. 147M files. 0 live secrets.

☁️ GCP’s strict image controls show clear results vs. AWS & Azure.

🔗 Full CloudQuarry report: trufflesecurity.com/blog/guest-p...

9 months ago

🔍 Accessing 15 million "Permanently deleted" commits at scale across GitHub.

🔗 A guest post by Sharon Brizinov: trufflesecurity.com/blog/guest-p...

9 months ago

🔥 You can now add TruffleHog to Burp Suite!

🌐 Install it directly from the BApp Store
🔍 Scan web traffic for live, verified credentials—active & exploitable

Because secrets don’t just leak in code… 😬

🔗 trufflesecurity.com/blog/introdu...

1 year ago

We scanned 400TB of DeepSeek’s training data & found:

🚨 ~12K live API keys & passwords
🌐 2.76M affected pages
🔄 One key appeared 57K+ times
🔑 219 secret types (AWS root keys, Slack webhooks, etc.)

🔗 Full research: trufflesecurity.com/blog/researc...

1 year ago

Removing Jeff Bezos from my bed -

Do you expect to find an AWS key in your bed?

We found one, and we removed it. We’re sleeping great now.

🔗 trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed

1 year ago

🐷 Under the Hood of TruffleHog!

⚡ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. 🚀

👉 trufflesecurity.com/blog/under-t...

1 year ago

🚨 Today we are announcing a new OAuth bug that affects millions of accounts

🌟 TLDR: Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees

👉 full blog: trufflesecurity.com/blog/million...

1 year ago

Vigilante Justice on GitHub. 🦇🦸

Here's how to spray paint on other fraudsters' GitHub Activity Graph.

trufflesecurity.com/blog/vigilan...

1 year ago

🚨 10% of SaaS platforms mishandle GitHub OAuth tokens, opening potential backdoors into corporate accounts. 😱

⚠️ Extends to Azure, Slack & more—increasing risk with poor token handling.

🛑 The issue isn’t OAuth; it’s how platforms secure tokens.

👉 trufflesecurity.com/blog/mishand...

1 year ago

🐷 TruffleHog now decodes APKs to scan for secrets 🚀

💡 Why it matters:
🔍 APKs often leak secrets, but scanning was slow & complex.
🔓 Now it’s fast, efficient & scalable.
📊 Tested on WhatsApp & Facebook Messenger—up to 16.5x faster!

👉 trufflesecurity.com/blog/cracking-open-apk-f...

1 year ago