Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised, leaking secrets through workflow logs and impacting thousands of CI pipelines. All tagged versions were modified, making tag-based pinning unsafe. Public repositories are at the highest risk, but private repos should also verify their exposure.

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

Earlier this week, users of the X (formerly Twitter) social network were either unable to access the platform or experienced service degradation somehow. On March 10, 2025, reports emerged of users worldwide being unable to log in, post, or view content. This incident was later attributed to a large-scale distributed denial-of-service (DDoS) attack targeting X's infrastructure.

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures. SIM swapping is a technique in which an attacker takes over a victim’s phone number, which enables them to access the victim’s accounts. This involves tricking the telecom operator into reassigning the victim’s phone number to a SIM card controlled by the attacker.

Adversaries don’t need to force their way in when they can slip through an organization’s overlooked assets. Subdomain takeovers are a prime example of how attackers exploit misconfigured or abandoned DNS records to gain access, launch phishing campaigns, distribute malware, or take other malicious actions — all while operating under the guise of a legitimate corporate domain.

Cybersecurity incidents continue to make headlines, with the latest victim being Tata Technologies, a leading global engineering and technology services company. The HUNTUBS ransomware group has claimed responsibility for a major attack, leaking sensitive corporate data. The incident, which resulted in the theft of 1.4 TB of confidential data, has raised concerns about cybersecurity resilience among major enterprises.

Since its introduction into cybersecurity in the late 1980s as a tool for detecting unusual activity, artificial intelligence (AI) has grown in popularity and functionality, with a major surge of adoption happening in the past few years, thanks to its growing ability to perform tasks faster and more accurately than humans. However, AI has never operated in isolation; it has always relied on human input. And any advanced technology that requires human input can be used for both good and bad.