@trufflesec.bsky.social

The company behind TruffleHog, the popular open-source security project. YouTube: https://www.youtube.com/c/TruffleSecurity LinkedIn: https://www.linkedin.com/company/trufflesecurity/ TikTok: https://www.tiktok.com/@trufflesecurity

36 Followers  |  1 Following  |  11 Posts  |  Joined: 09.12.2024

Posts by (@trufflesec.bsky.social)

⚠️ Supply chain attacks keep stacking up- Salesforce, S1ngularity/NX & more.

βš’οΈ The same tools attackers use to find secrets are the ones defenders need too.

🐷 That’s why threat intel groups recommend TruffleHog.
πŸ”— Learn why it shows up in your logs: trufflesecurity.com/blog/truffle...

17.09.2025 20:13 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

🔍 8,437 #GCP images. 147M files. 0 live secrets.

☁️ GCP’s strict image controls show clear results vs. AWS & Azure.

🔗 Full CloudQuarry report: trufflesecurity.com/blog/guest-p...

18.07.2025 18:31 — 👍 0    🔁 0    💬 0    📌 0

🔍 Accessing 15 million "Permanently deleted" commits at scale across GitHub.

🔗 A guest post by Sharon Brizinov: trufflesecurity.com/blog/guest-p...

01.07.2025 20:45 — 👍 1    🔁 0    💬 0    📌 0

🔥 You can now add TruffleHog to Burp Suite!

🌐 Install it directly from the BApp Store
🔍 Scan web traffic for live, verified credentials—active & exploitable

Because secrets don’t just leak in code… 😬

🔗 trufflesecurity.com/blog/introdu...

13.03.2025 16:57 — 👍 4    🔁 2    💬 0    📌 0

We scanned 400TB of DeepSeek’s training data & found:

🚨 ~12K live API keys & passwords
🌐 2.76M affected pages
🔄 One key appeared 57K+ times
🔑 219 secret types (AWS root keys, Slack webhooks, etc.)

🔗 Full research: trufflesecurity.com/blog/researc...

27.02.2025 17:57 — 👍 0    🔁 0    💬 0    📌 0

Removing Jeff Bezos from my bed -

Do you expect to find an AWS key in your bed?

We found one, and we removed it. We’re sleeping great now.

🔗 trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed

21.02.2025 16:04 — 👍 2    🔁 2    💬 0    📌 3

🐷 Under the Hood of TruffleHog!

⚑ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. πŸš€

πŸ‘‰ trufflesecurity.com/blog/under-t...

24.01.2025 20:04 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

🚨Today we are announcing a new OAuth bug that affects millions of accounts

🌟 TLDR: Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees

πŸ‘‰ full blog: trufflesecurity.com/blog/million...

13.01.2025 22:59 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 0    πŸ“Œ 2

Vigilante Justice on GitHub. 🦇🦸

Here's how to spray paint on other fraudsters' GitHub Activity Graph.

trufflesecurity.com/blog/vigilan...

08.01.2025 08:02 — 👍 2    🔁 1    💬 0    📌 0

🚨 10% of SaaS platforms mishandle GitHub OAuth tokens, opening potential backdoors into corporate accounts. 😱

⚠️ Extends to Azure, Slack & moreβ€”increasing risk with poor token handling.

πŸ›‘ The issue isn’t OAuth; it’s how platforms secure tokens.

πŸ‘‰ trufflesecurity.com/blog/mishand...

19.12.2024 21:57 β€” πŸ‘ 1    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

🐷 TruffleHog now decodes APKs to scan for secrets πŸš€

πŸ’‘ Why it matters:
πŸ” APKs often leak secrets, but scanning was slow & complex.
πŸ”“ Now it’s fast, efficient & scalable.
πŸ“Š Tested on WhatsApp & Facebook Messengerβ€”up to 16.5x faster!

πŸ‘‰https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale

09.12.2024 17:33 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 1