diff --git a/.github/workflows/find-secrets.yml b/.github/workflows/find-secrets.yml
index e166dbb673..4f5c79bfcc 100644
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -44,6 +44,6 @@ jobs:
 
       - name: Scan diff for secrets with TruffleHog
         # Action auto-injects --since-commit/--branch from event payload; passing them in extra_args produces duplicate flags.
-        uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4
+        uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2
         with:
           extra_args: --results=verified,unknown