Truffle Security
@trufflesec
Followers: 4K | Following: 255 | Media: 139 | Statuses: 427
The TruffleHog company We find credentials, with open source https://t.co/7CnEqo1inq https://t.co/8vZxthRRXX
Joined January 2019
Might we have a word.
Congrats to @trufflesec on raising $25M in #SeriesB #funding! 🎊With this round, Truffle will expand its detection, verification, and remediation solution and innovation in non-human identity (NHI) protection. Read more in @NickWashburn80 and Sunil Kurkure’s blog post:
🚀BIG NEWS! Truffle Security raised a $25M Series B led by @intelcapital & @a16z to accelerate making secrets easier to manage 🐷 Starting today - TruffleHog GCP Analyze maps leaked GCP secrets, their permissions & reach to remediate with confidence 🔗 https://t.co/AXMIVpvKW3
🔒 We’ve been tackling #NHI since before it was NHI. 📷This post, from the pioneers of open-source secret scanning, breaks down what matters when it comes to secrets. 👉 https://t.co/ohfbFmIRrx
⭐️Huge thanks to Adam Reiser of Cisco Talos for helping us harden TruffleHog! 🐷 We’ve updated TruffleHog, improving how untrusted Git repos are handled. 🙌Shoutout to the open-source community for making TruffleHog stronger! 👉 https://t.co/wMsHnS4k7J
⚠️ Supply chain attacks keep stacking up- Salesforce, S1ngularity/NX & more. ⚒️ The same tools attackers use to find secrets are the ones defenders need too. 🐷 That’s why threat intel groups recommend TruffleHog. 🔗 Learn why it shows up in your logs: https://t.co/Vs9CSwdjNe
🚨Threat actors are targeting Salesforce instances to steal creds hidden in Case objects 🔍 Google Threat Intel advises scanning sensitive data (Cases, Accounts, Users, etc.) with 🐷TruffleHog before attackers do 🔗 https://t.co/yhMbvoTfST
🚨 Nx build system hit by a supply-chain attack (8/26). Infected NPM versions stole GitHub tokens, SSH keys, wallets & NPM tokens. ⚠️Later used (8/28–29) to flip private repos public. If you see repos like s1ngularity-repository, revoke tokens ASAP. 🔗 https://t.co/uYvLZRYZDM
stepsecurity.io
s1ngularity attack hijacked Nx package on npm to steal cryptocurrency wallets, GitHub/npm tokens, SSH keys, and environment secrets - the first documented case of malware weaponizing AI CLI tools for...
The #s1ngularity attack second wave is ongoing. Private repositories are turning public with new names. Impacted organizations need to MOVE NOW to rotate their secrets. Use tools like trufflehog to check. Assume everything that went public is compromised. @trufflesec for viz.
☁️Some clouds leak secrets. One stands apart. 🌟Join our 8/26 webinar to see what 🐷TruffleHog found scanning tens of thousands of #AWS, #Azure & #GCP images. 🔗 Register: https://t.co/wgbSGZ3HW7
Meet the Truffle Security team at Booth 5511 @BlackHatEvents. Come by, find the leaked secrets and win a prize. #TruffleHog
🔐 8,437 #GCP images. 147M files. 0 live secrets. ☁️ GCP’s strict image controls show clear results vs. #AWS & #Azure. 🔗 Full CloudQuarry report: https://t.co/YaWIqitffs
Think secrets are gone after a force push? Think again. 🔍We built Force Push Scanner to find secrets in dangling GitHub commits. 🙀Millions are still exposed. 🔗 https://t.co/ZDLgxp1Vmw
🔍Accessing 15 million "Permanently deleted" commits at scale across GitHub. 🔗A guest post by Sharon Brizinov: https://t.co/cjD7XjmLtO
I asked @MayaKaczorowski (former Senior Director @github) about her thoughts about GitHub's identity system. Personally I think managing identity in GitHub is clear as mud.
Here's how to make LLMs self-replicate. Embedding LLMs into traditional malware worms. Originally presented by @InsecureNature at @BSidesSF 🧵👇👇👇
Tomorrow I'll be speaking at @BSidesSF at 11:15am. The topic? Aligning lightweight AI models to become self-replicating ransomware worms. Join me on the IMAX.