Betterleaks open-source secrets scanner launch as Gitleaks successor
Security Tool/Service
Summary
The launch of Betterleaks adds an open-source secrets scanner that can inspect directories, files, and git repositories for valid secrets. It uses default or customized rules to validate findings, which can reduce false positives and speed triage. The tool is positioned as a successor to Gitleaks, with support from Aikido. The update matters because it helps teams find exposed credentials, API keys, private keys, and tokens before attackers harvest them.
Related Happenings
Aqua Security hit by data theft breach
Incident
First: 20.03.2026 19:47
Last: 20.03.2026 19:47
Sources 1
About this happening:
The **Aqua Security Trivy** incident involved a **supply-chain compromise** that delivered a **credential-stealing infostealer** through trusted releases and **GitHub Actions**. A...
Latest development: 23.03.2026 10:31
TeamPCP broadened the Trivy supply-chain compromise by pushing trojanized Docker Hub images for Trivy 0.69.4, 0.69.5, and 0.69.6 on March 22, 2026, then defacing all 44 internal repositories in Aqua Security's aquasec-com GitHub organization by renaming them with the tpcp-docs- prefix, setting descriptions to "TeamPCP Owns Aqua Security," and exposing them publicly.
GlassWorm supply-chain malware wave across GitHub, npm, and VSCode/OpenVSX
Malware Activity
First: 17.03.2026 23:42
Last: 17.03.2026 23:42
Sources 1
About this happening:
**GlassWorm** returned in a **new coordinated supply-chain attack** that compromised **433 components** across **GitHub, npm, and VSCode/OpenVSX**, creating a broad software-distr...
Latest development: 28.04.2026 00:41
GlassWorm returned in an OpenVSX supply-chain wave with 73 cloned sleeper extensions that were benign at upload and later turned malicious after an update, with six already activated to deliver malware. The extensions act as thin loaders that fetch payloads through GitHub-hosted secondary VSIX packages, platform-specific .node modules, or heavily obfuscated JavaScript, shifting the campaign toward submitting innocuous extensions first and introducing the malicious payload later.
GlassWorm open-source supply-chain campaign targeting developers
Campaign
First: 14.03.2026 14:55
Last: 14.03.2026 14:55
Sources 1
About this happening:
The **GlassWorm** campaign has added a new **Open VSX** wave of **73 cloned VS Code extensions** that impersonate legitimate packages to build trust before delivering malware. **S...
Latest development: 17.03.2026 23:42
GlassWorm renewed its supply-chain campaign against GitHub, npm, and VSCode/OpenVSX, with researchers identifying 433 compromised components this month across 200 GitHub Python repositories, 151 GitHub JS/TS repositories, 72 VSCode/OpenVSX extensions, and 10 npm packages. The operators compromised GitHub accounts to force-push malicious commits, published obfuscated code using invisible Unicode characters, and used Solana blockchain transactions as C2 to deliver a Node.js runtime and a JavaScript-based information stealer that targets cryptocurrency wallet data, credentials, access tokens, SSH keys, and developer environment data.
BeardShell and Covenant custom implant deployment
Malware Activity
First: 10.03.2026 12:00
Last: 10.03.2026 12:00
Sources 1
About this happening:
**APT28** is deploying **customized Covenant** and **BeardShell** implants to sustain espionage against **Ukrainian government and military targets**, strengthening stealth and pe...
Anthropic launches Claude Opus 4.6 with code review and vulnerability-finding capabilities
Security Tool/Service
First: 06.02.2026 07:49
Last: 06.02.2026 07:49
Sources 1
About this happening:
**Anthropic** launched **Claude Opus 4.6** with stronger **code review** and **debugging** support, and the model has already been used to uncover **more than 500** previously unk...
Timeline
- 15.03.2026 16:17 · 2 articles · 2mo ago
Betterleaks open-source secrets scanner launch
Initial Disclosure
Betterleaks is introduced as a new open-source secrets-scanning tool that scans directories, files, and git repositories to identify valid secrets using default or customized rules. The project is presented as a successor to Gitleaks, is maintained by the same team with support from Aikido, and is developed by Zach Rice of Aikido Security.
- Betterleaks, a new open-source secrets scanner to replace Gitleaks — www.bleepingcomputer.com — 15.03.2026 16:17