's Avatar

@trufflesec

The company behind TruffleHog, the popular open-source security project. YoutTube: https://www.youtube.com/c/TruffleSecurity LinkedIn: https://www.linkedin.com/company/trufflesecurity/ TikTok: https://www.tiktok.com/@trufflesecurity

36
Followers 1
Following 11
Posts 09.12.2024
Joined
Posts Following

Latest posts by @trufflesec

Post image

⚠️ Supply chain attacks keep stacking up- Salesforce, S1ngularity/NX & more.

⚒️ The same tools attackers use to find secrets are the ones defenders need too.

🐷 That’s why threat intel groups recommend TruffleHog.
🔗 Learn why it shows up in your logs: trufflesecurity.com/blog/truffle...

17.09.2025 20:13 👍 0 🔁 0 💬 1 📌 0
Post image

🔐 8,437 #GCP images. 147M files. 0 live secrets.

☁️ GCP’s strict image controls show clear results vs. AWS & Azure.

🔗 Full CloudQuarry report: trufflesecurity.com/blog/guest-p...

18.07.2025 18:31 👍 0 🔁 0 💬 0 📌 0
Post image

🔍Accessing 15 million "Permanently deleted" commits at scale across GitHub.

🔗A guest post by Sharon Brizinov: trufflesecurity.com/blog/guest-p...

01.07.2025 20:45 👍 1 🔁 0 💬 0 📌 0
Post image

🔥 You can now add TruffleHog to Burp Suite!

🌐 Install it directly from the BApp Store
🔍Scan web traffic for live, verified credentials—active & exploitable

Because secrets don’t just leak in code… 😬

🔗 trufflesecurity.com/blog/introdu...

13.03.2025 16:57 👍 4 🔁 2 💬 0 📌 0
Post image

We scanned 400TB of DeepSeek’s training data & found:

🚨 ~12K live API keys & passwords
🌐 2.76M affected pages
🔄 One key appeared 57K+ times
🔑 219 secret types (AWS root keys, Slack webhooks, etc.)

🔗 Full research: trufflesecurity.com/blog/researc...

27.02.2025 17:57 👍 0 🔁 0 💬 0 📌 0
Post image

Removing Jeff Bezos from my bed -

Do you expect to find an AWS key in your bed?

We found one, and we removed it. We’re sleeping great now.

🔗 trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed

21.02.2025 16:04 👍 2 🔁 2 💬 0 📌 3
Post image

🐷 Under the Hood of TruffleHog!

⚡ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. 🚀

👉 trufflesecurity.com/blog/under-t...

24.01.2025 20:04 👍 3 🔁 1 💬 0 📌 0
Post image

🚨Today we are announcing a new OAuth bug that affects millions of accounts

🌟 TLDR: Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees

👉 full blog: trufflesecurity.com/blog/million...

13.01.2025 22:59 👍 5 🔁 2 💬 0 📌 2
Post image

Vigilante Justice on GitHub. 🦇🦸

Here's how to spray painting on other fraudster's GitHub Activity Graph.

trufflesecurity.com/blog/vigilan...

08.01.2025 08:02 👍 2 🔁 1 💬 0 📌 0
Post image

🚨 10% of SaaS platforms mishandle GitHub OAuth tokens, opening potential backdoors into corporate accounts. 😱

⚠️ Extends to Azure, Slack & more—increasing risk with poor token handling.

🛑 The issue isn’t OAuth; it’s how platforms secure tokens.

👉 trufflesecurity.com/blog/mishand...

19.12.2024 21:57 👍 1 🔁 2 💬 0 📌 0
Post image

🐷 TruffleHog now decodes APKs to scan for secrets 🚀

💡 Why it matters:
🔍 APKs often leak secrets, but scanning was slow & complex.
🔓 Now it’s fast, efficient & scalable.
📊 Tested on WhatsApp & Facebook Messenger—up to 16.5x faster!

👉https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale

09.12.2024 17:33 👍 2 🔁 0 💬 0 📌 1