The company behind TruffleHog, the popular open-source security project. YoutTube: https://www.youtube.com/c/TruffleSecurity LinkedIn: https://www.linkedin.com/company/trufflesecurity/ TikTok: https://www.tiktok.com/@trufflesecurityhttps://bsky.app/profile/trufflesec.bsky.socialhttps://bsky.app/profile/trufflesec.bsky.social/post/3lz2nk4gzjk24⚠️ Supply chain attacks keep stacking up- Salesforce, S1ngularity/NX & more. ⚒️ The same tools attackers use to find secrets are the ones defenders need too. 🐷 That’s why threat intel groups recommend TruffleHog. 🔗 Learn why it shows up in your logs: https://trufflesecurity.com/blog/trufflehog-in-your-log17 Sep 2025 20:13 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lz2nk4gzjk24https://bsky.app/profile/trufflesec.bsky.social/post/3lub3eat2pc2j🔐 8,437 #GCP images. 147M files. 0 live secrets. ☁️ GCP’s strict image controls show clear results vs. AWS & Azure. 🔗 Full CloudQuarry report: https://trufflesecurity.com/blog/guest-post-gcp-cloudquarry-searching-for-secrets-in-public-gcp-images18 Jul 2025 18:31 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lub3eat2pc2jhttps://bsky.app/profile/trufflesec.bsky.social/post/3lswkwzodmk25 🔍Accessing 15 million "Permanently deleted" commits at scale across GitHub. 🔗A guest post by Sharon Brizinov: https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets01 Jul 2025 20:45 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lswkwzodmk25https://bsky.app/profile/trufflesec.bsky.social/post/3lkbkw3oqjk2o🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 🔗 https://trufflesecurity.com/blog/introducing-trufflehog-s-burp-suite-extension-a-techical-deep-dive13 Mar 2025 16:57 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lkbkw3oqjk2ohttps://bsky.app/profile/trufflesec.bsky.social/post/3lj6hpf57m22h We scanned 400TB of DeepSeek’s training data & found: 🚨 ~12K live API keys & passwords 🌐 2.76M affected pages 🔄 One key appeared 57K+ times 🔑 219 secret types (AWS root keys, Slack webhooks, etc.) 🔗 Full research: https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data27 Feb 2025 17:57 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lj6hpf57m22hhttps://bsky.app/profile/trufflesec.bsky.social/post/3lip6lu2jos22Removing Jeff Bezos from my bed - Do you expect to find an AWS key in your bed? We found one, and we removed it. We’re sleeping great now. 🔗 trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed21 Feb 2025 16:04 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lip6lu2jos22https://bsky.app/profile/trufflesec.bsky.social/post/3lgj6xkrt5223🐷 Under the Hood of TruffleHog! ⚡ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. 🚀 👉 https://trufflesecurity.com/blog/under-the-hood-the-algorithmic-power-behind-trufflehog-s-secret-scanning-(part-1-of-2)24 Jan 2025 20:04 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lgj6xkrt5223https://bsky.app/profile/trufflesec.bsky.social/post/3lfntn7yvec2v🚨Today we are announcing a new OAuth bug that affects millions of accounts 🌟 TLDR: Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees 👉 full blog: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw13 Jan 2025 22:59 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lfntn7yvec2vhttps://bsky.app/profile/trufflesec.bsky.social/post/3lf7p6cg4xs2gVigilante Justice on GitHub. 🦇🦸 Here's how to spray painting on other fraudster's GitHub Activity Graph. https://trufflesecurity.com/blog/vigilante-justice-on-github08 Jan 2025 08:02 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lf7p6cg4xs2ghttps://bsky.app/profile/trufflesec.bsky.social/post/3ldoujd3cuc2s🚨 10% of SaaS platforms mishandle GitHub OAuth tokens, opening potential backdoors into corporate accounts. 😱 ⚠️ Extends to Azure, Slack & more—increasing risk with poor token handling. 🛑 The issue isn’t OAuth; it’s how platforms secure tokens. 👉 https://trufflesecurity.com/blog/mishandled-oauth-tokens-open-backdoors19 Dec 2024 21:57 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3ldoujd3cuc2shttps://bsky.app/profile/trufflesec.bsky.social/post/3lcvb4hre442g🐷 TruffleHog now decodes APKs to scan for secrets 🚀 💡 Why it matters: 🔍 APKs often leak secrets, but scanning was slow & complex. 🔓 Now it’s fast, efficient & scalable. 📊 Tested on WhatsApp & Facebook Messenger—up to 16.5x faster! 👉https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale09 Dec 2024 17:33 +0000at://did:plc:7khytha3ck7pxeo6bhpigpwi/app.bsky.feed.post/3lcvb4hre442g