GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as “zero-commit” PushEvents. | trufflesecurity.com
We scanned Common Crawl - a massive dataset used to train LLMs like DeepSeek - and found ~12,000 hardcoded live API keys and passwords. This highlights a growing issue: LLMs trained on insecure code may inadvertently generate unsafe outputs. | trufflesecurity.com
Eight Sleep smart bed found to contain an exposed AWS key and a likely backdoor that allowed engineers to remotely access users' beds. | trufflesecurity.com
TruffleHog is an open-source secrets scanning tool that digs deep into your code to find secrets, passwords, and sensitive keys that you may have inadvertently committed. | trufflesecurity.com
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way. | trufflesecurity.com