Blog
From the team
We write about what we observe in credential security: breaches that could have been avoided, the architectural decisions we made and why, and the patterns we think anyone building with AI agents should understand.
#15
The Ten Rules of Credential Management
A pass/fail scorecard for any credential system. Ten technical rules, and exactly how Clavitor keeps each one. Most tools fail several.
#12
The malware was signed by Red Hat
This week, credential-stealing code reached developers wearing Red Hat's name. The threat didn't come from outside your circle of trust — it came from inside it. You can't vet your way out of that. You can keep your credentials out of reach.
#11
Our logo is a black box. On purpose.
Every security logo is a shield, a padlock, or a wolf named Trust — a feeling sold as an icon. Ours is a black square, because the product is a black box we can’t read into, and neither can anyone who steals the database.
#7
DigiCert Lost 27 Code Signing Certificates to a Screensaver File
DigiCert, one of the world's largest Certificate Authorities, was compromised by a screensaver file sent through a customer support chat. Their antivirus blocked it four times. The agent kept clicking.
#3
There Should Be Nothing to Harvest
A compromised Bitwarden CLI harvested SSH keys, cloud credentials, and npm tokens from 334 developer machines. The real problem isn't how the malware got in. It's that every secret was sitting there as a plain file, waiting to be read.