Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.

The post No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours appeared first on Security Boulevard.

Vercel's Context.ai breach exposed environment variables that weren't marked sensitive. Learn how to pull and scan your secrets with GitGuardian.

The post Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too appeared first on Security Boulevard.

GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.

The post 2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk appeared first on Security Boulevard.